58
Keywords Authentication mode Description
scheme local
Remote AAA authentication
first, and then local
password authentication
(remote-then-local)
Remote AAA authentication is performed first.
Local password authentication is performed in either of the
following situations:
• The HWTACACS or RADIUS server does not respond.
• The remote AAA configuration on the device is invalid.
Configuring user role authentication
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Set an authentication
mode.
super authentication-mode
{ local | scheme } *
By default, local-only authentication applies.
3. (Optional.) Specify
the default target
user role for
temporary user role
authorization.
super default role rolename
By default, the default target user role is
network-admin.
4. Set a local
authentication
password for a user
role.
• In non-FIPS mode:
super password [ role
rolename ] [ { hash |
simple } password ]
• In FIPS mode:
super password [ role
rolename ]
Use this step for local password authentication.
By default, no password is configured.
If you do not specify the role rolename option,
the command sets a password for the default
target user role.
Obtaining temporary user role authorization
AUX or VTY users must pass authentication before they can use a user role that is not included in the user
account they are logged in with.
Perform the following task in user view:
Task Command
Remarks
Obtain the temporary
authorization to use a
user role.
super [ rolename ]
If you do not specify the rolename argument, you obtain
the default target user role for temporary user role
authorization.
The operation fails after three consecutive unsuccessful
password attempts.
The user role must have the permission to execute the
super command to obtain temporary user role
authorization.
To Next Page
Loading...
Need help?
General
