To Next Page

To Previous Page

A relative number uniquely identifies a user line among all user lines that are the same type. The number

format is user line type + number. All the types of user lines are numbered starting from 0 and

incrementing by 1. For example, the first VTY line is VTY 0.

You can configure login authentication to prevent illegal access to the device CLI.

In non-FIPS mode, the device supports the following login authentication modes:

• None—Disables authentication. This mode allows access without authentication and is insecure.

• Password—Requires password authentication.

• Scheme—Uses the AAA module to provide local or remote login authentication. You must provide

a username and password at login.

In FIPS mode, the device supports only the scheme authentication mode.

Different login authentication modes require different user line configurations, as shown in Table 8.

Table 8 Configuration required for differen

t login authentication modes

Authentication mode Confi

uration tasks

None Set the authentication mode to none.

Password

1. Set the authentication mode to password.

2. Set a password.

Scheme

1. Set the authentication mode to scheme.

2. Configure login authentication methods in ISP domain view. For more

information, see Security Configuration Guide.

User roles

A user is assigned one or more user roles at login, and a user can access only commands permitted by

the assigned user roles. For more information about user roles, see "Configuring RBAC."

he device assigns user roles based on the login authentication mode and login method:

• If none or password authentication is used, the device assigns user roles according to the user role

configuration made on the user line.

• If scheme authentication is used:

{ For an SSH login user who uses publickey or password-publickey authentication, the device

assigns user roles according to the user role configuration made for the user in local user view.

{ For other users, the device assigns user roles according to the user role configuration made on

the AAA module. For remote AAA authentication users, if the AAA server does not assign any

user role to a user and the default user role function is disabled, the user cannot log in.

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,

commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about

FIPS mode, see Security Configuration Guide.

HP 5920 Series Fundamentals Configuration Guide

Other manuals for HP 5920 Series