51
[Device-luser-manage-admin] service-type telnet
[Device-luser-manage-admin] authorization-attribute user-role level-1
Configuring command accounting
Command accounting allows the HWTACACS server to record all executed commands that are
supported by the device, regardless of the command execution result. This feature helps control and
monitor user behavior on the device.
When command accounting is disabled, the accounting server does not record the commands
executed by users. If command accounting is enabled but command authorization is not, every
executed command is recorded on the HWTACACS server. If both command accounting and
command authorization are enabled, only authorized commands that are executed are recorded on
the HWTACACS server.
This section provides only the procedure for configuring command accounting. To make the
command accounting feature take effect, you must configure a command accounting method in ISP
domain view. For more information, see Security Configuration Guide.
Configuration procedure
To configure command accounting:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter user line view or
user line class view.
• Enter user line view:
line { first-number1
[ last-number1 ] | { aux | vty }
first-number2
[ last-number2 ] }
• Enter user line class view:
line class { aux | vty }
A setting in user line view is applied only
to the user line. A setting in user line class
view is applied to all user lines of the
class.
A non-default setting in either view takes
precedence over a default setting in the
other view. A non-default setting in user
line view takes precedence over a
non-default setting in user line class view.
A setting in user line view takes effect
immediately and affects the online user. A
setting in user line class view does not
affect online users and takes effect only
for users who log in after the configuration
is completed.
3. Enable scheme
authentication.
authentication-mode
scheme
By default, authentication is disabled for
AUX lines, and password authentication
is enabled for VTY lines.
In VTY line view, this command is
associated with the
protocol inbound
command. If you specify a non-default
value for only one of the two commands in
VTY line view, the other command uses
the default setting, regardless of the
setting in VTY line class view.
4. Enable command
accounting.
command accounting
By default, command accounting is
disabled, and the accounting server does
not record the commands executed by
users.
If the
command accounting
command is
configured in user line class view,
To Next Page
Loading...
Need help?
General