other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for new login users.
3. Enable scheme authentication.
authentication-mode scheme
By default, authentication is disabled for AUX lines, and password authentication is enabled for VTY lines.
In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
4. Enable command authorization.
command authorization
By default, command authorization is disabled, and the commands available for a user vary only by user role.
If the command authorization command is configured in user line class view, command authorization is enabled on all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class.
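The precedence rules in the remarks above can be checked against a saved configuration. The following Python check is an added example, not code from this guide: it resolves the effective authentication mode and command authorization state for each VTY range and lists the ranges that end up without scheme authentication or command authorization. The configuration text is constructed, the function names are hypothetical, and it assumes that a line left at its default inherits the line class setting.

```python
import re

# Constructed sample in the style of a Comware running configuration (not from the guide).
SAMPLE = """\
line class vty
 authentication-mode scheme
 command authorization
line vty 0 4
 protocol inbound ssh
line vty 5 9
 authentication-mode none
line vty 10 63
"""

def parse(cfg):
    """Return (class_cmds, [(first, last, cmds), ...]) for the VTY views in cfg."""
    cls, lines, cur = [], [], None
    for raw in cfg.splitlines():
        if not raw.startswith(" "):  # top-level line: opens a VTY view or ends the current one
            m = re.match(r"line vty (\d+)(?: (\d+))?$", raw)
            cur = cls if raw == "line class vty" else [] if m else None
            if m:
                lines.append((int(m[1]), int(m[2] or m[1]), cur))
        elif cur is not None:
            cur.append(raw.strip())
    return cls, lines

def setting(cmds, prefix):
    """Argument of the command that starts with prefix, or None if the view keeps the default."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)

def effective(cls, line):
    """Resolve (authentication mode, command authorization enabled) for one VTY range."""
    auth, proto = setting(line, "authentication-mode"), setting(line, "protocol inbound")
    if auth is None:
        # protocol inbound alone in line view: authentication-mode is the default, class ignored.
        auth = "password" if proto else setting(cls, "authentication-mode") or "password"
    return auth, "command authorization" in cls + line

def audit(cfg):
    """List (first, last, problem) for VTY ranges lacking scheme auth or command authorization."""
    cls, lines = parse(cfg)
    findings = []
    for first, last, cmds in lines:
        auth, authz = effective(cls, cmds)
        if auth != "scheme":
            findings.append((first, last, f"authentication-mode {auth}"))
        if not authz:
            findings.append((first, last, "command authorization disabled"))
    return findings
```

Calling audit(SAMPLE) reports VTY 0 to 4, which falls back to password authentication because only protocol inbound is set in line view, and VTY 5 to 9, which sets authentication-mode none.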
Configuration example
Network requirements
As shown in Figure 17, Host A needs to log in to the device to manage the device.
Configure the device to perform the following tasks:
• Allow Host A to Telnet in after authentication.
• Use the HWTACACS server to control the commands that the user can execute.
• If the HWTACACS server is not available, use local authorization.
Figure 17 Network diagram (diagram labels: Host A, Device, IP network, HWTACACS server 192.168.2.20/24)