40
scheme: Enables remote AAA authentication.
Usage guidelines
For local password authentication, use the super password command to set a password.
For remote AAA authentication, set the username and password on the RADIUS or HWTACACS
server.
If you specify both local and scheme keywords, the keyword first entered in the command takes
precedence.
• scheme local—Enables remote-then-local authentication mode. The device first performs AAA
authentication to obtain a temporary user role. Local password authentication is performed if
the remote HWTACACS or RADIUS server does not respond, or if the AAA configuration on the
device is invalid.
• local scheme—Enables local-then-remote authentication mode. The device first performs
local password authentication. If no password is configured for the user role, the device
performs remote authentication for VTY users. An AUX user can obtain another user role by
either entering a string or not entering anything.
For more information about AAA, see Security Configuration Guide.
Examples
# Enable local-only authentication for temporary user role authorization.
<Sysname> system-view
[Sysname] super authentication-mode local
# Enable remote-then-local authentication for temporary user role authorization.
<Sysname> system-view
[Sysname] super authentication-mode scheme local
Related commands
authentication super (Security Command Reference)
super password
super default role
Use super default role to specify the default target user role for temporary user role authorization.
Use undo super default role to restore the default.
Syntax
super default role role-name
undo super default role
Default
The default target user role is network-admin.
Views
System view
Predefined user roles
network-admin
Parameters
role-name: Specifies the name of the default target user role, a case-sensitive string of 1 to 63
characters. The user role must exist in the system and cannot be security-audit.
To Next Page
Loading...
Need help?
General