20
Login authentication modes
You can configure login authentication to prevent illegal access to the device CLI.
In non-FIPS mode, the device supports the following login authentication modes:
• None—Disables authentication. This mode allows access without authentication and is
insecure.
• Password—Requires password authentication.
• Scheme—Uses the AAA module to provide local or remote login authentication. You must
provide a username and password at login.
In FIPS mode, the device supports only the scheme authentication mode.
Different login authentication modes require different user line configurations, as shown in Table 8.
Table 8
Configuration required for different login authentication modes
Authentication mode Configuration tasks
None Set the authentication mode to
none
.
Password
1. Set the authentication mode to password.
2. Set a password.
Scheme
1. Set the authentication mode to scheme.
2. Configure login authentication methods in ISP domain view. For more
information, see Security Configuration Guide.
User roles
A user is assigned one or more user roles at login, and a user can access only commands permitted
by the assigned user roles. For more information about user roles, see "Configuring RBAC."
The device a
ssigns user roles based on the login authentication mode and login method:
• If none or password authentication is used, the device assigns user roles according to the user
role configuration made for the user line.
• If scheme authentication is used:
{ For an SSH login user who uses publickey or password-publickey authentication, the device
assigns the user roles specified for the local device management user with the same name.
{ For other users, the device assigns user roles according to the user role configuration made
on the AAA module. If the AAA server does not assign any user role and the default user
role feature is disabled, a remote AAA authentication user cannot log in.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
Telnet login is not supported in FIPS mode.
To Next Page
Loading...
Need help?
General