Keywords: local scheme
Authentication mode: Local password authentication first, and then remote AAA authentication (local-then-remote)
Description: Local password authentication is performed first.
If no local password is configured for the user role in this mode:
• The device performs remote AAA authentication for VTY users.
• An AUX user can obtain another user role by either entering a string or not entering anything.

Keywords: scheme local
Authentication mode: Remote AAA authentication first, and then local password authentication (remote-then-local)
Description: Remote AAA authentication is performed first.
Local password authentication is performed in either of the following situations:
• The HWTACACS or RADIUS server does not respond.
• The remote AAA configuration on the device is invalid.

Configuring user role authentication
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set an authentication mode.
   Command: super authentication-mode { local | scheme } *
   Remarks: By default, local-only authentication applies.
3. (Optional.) Specify the default target user role for temporary user role authorization.
   Command: super default role rolename
   Remarks: By default, the default target user role is network-admin.
4. Set a local authentication password for a user role.
   Command:
   • In non-FIPS mode: super password [ role rolename ] [ { hash | simple } password ]
   • In FIPS mode: super password [ role rolename ]
   Remarks: Use this step for local password authentication. By default, no password is configured. If you do not specify the role rolename option, the command sets a password for the default target user role.
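
An added example, not part of the original guide and not vendor code: a Python check that reads super-related configuration lines and lists the user roles that have no local password under the two combined modes described above. It assumes the configuration text uses the same command forms as the steps above; the role names level-9 and level-15 and the hash values are constructed sample data.

```python
DEFAULT_ROLE = "network-admin"  # default target user role stated in step 3

# Constructed sample; hash values are placeholders, level-9/level-15 are sample roles.
SAMPLE = """\
super authentication-mode local scheme
super password hash EXAMPLE-HASH
super password role level-9 hash EXAMPLE-HASH
"""

def audit_super_config(config_text, roles_in_use):
    """Flag roles with no local super password under the two combined modes.

    Assumption: config_text holds lines in the same form as the commands in
    the steps above. roles_in_use lists roles operators request with `super`.
    Returns (mode, default_role, findings); findings are (role, reason) pairs.
    """
    mode = ["local"]  # local-only authentication applies by default
    default_role = DEFAULT_ROLE
    with_password = set()
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:2] == ["super", "authentication-mode"]:
            mode = words[2:]
        elif words[:3] == ["super", "default", "role"] and len(words) > 3:
            default_role = words[3]
        elif words[:2] == ["super", "password"]:
            has_role = words[2:3] == ["role"] and len(words) > 3
            with_password.add(words[3] if has_role else None)
    # A password set without "role rolename" belongs to the default target role.
    with_password = {default_role if r is None else r for r in with_password}

    reasons = {
        ("local", "scheme"): "local-then-remote: AUX users obtain this role by "
                             "entering any string or nothing; VTY users go to remote AAA",
        ("scheme", "local"): "remote-then-local: no local password to check when the "
                             "AAA server does not respond or the AAA configuration is invalid",
    }
    reason = reasons.get(tuple(mode))  # other modes are not assessed here
    findings = []
    if reason:
        for role in sorted(set(roles_in_use) | {default_role}):
            if role not in with_password:
                findings.append((role, reason))
    return mode, default_role, findings

if __name__ == "__main__":
    for role, why in audit_super_config(SAMPLE, ["network-admin", "level-9", "level-15"])[2]:
        print(f"{role}: {why}")
```
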
Obtaining temporary user role authorization
AUX or VTY users must pass authentication before they can use a user role that is not included in
the user account they are logged in with.
Perform the following task in user view:
Task: Obtain the temporary authorization to use a user role.
Command: super [ rolename ]
Remarks: If you do not specify the rolename argument, you obtain the default target user role for temporary user role authorization.
The operation fails after three consecutive unsuccessful password attempts.
The user role must have the permission to execute the super command to obtain temporary user role