Chapter4UserManagement
2.Conīægureanauthenticationtemplate.
3.Conīægureanauthorizationtemplate.
4.Conīægurean"enable"passwordtoraisetheuser'sprivilegelevel.
ConīgurationCommands
RunthefollowingcommandsontheZXR10ZSRV2:
R1(config)#tacacsenable
R1(config)#tacacs-serverhost10.1.1.1keyzte
R1(config)#tacplusgroup-serverztegroup
R1(config-sg)#server10.1.1.1
R1(config-sg)#exit
R1(config)#system-user
R1(config-system-user)#authentication-template1
R1(config-system-user-authen-temp)#bindaaa-authentication-template2001
R1(config-system-user-authen-temp)#exit
R1(config-system-user)#authorization-template1
R1(config-system-user-author-temp)#bindaaa-authorization-template2001
R1(config-system-user-author-temp)#local-privilege-level5
R1(config-system-user-author-temp)#exit
R1(config-system-user)#user-namezte
R1(config-system-user-username)#bindauthentication-template1
R1(config-system-user-username)#bindauthorization-templat1
R1(config-system-user-username)#passwordzte
R1(config-system-user-username)#exit
R1(config-system-user)#exit
R1(config)#aaa-authentication-template2001
R1(config-aaa-authen-template)#aaa-authentication-typetacacs-local
R1(config-aaa-authen-template)#authentication-tacacs-groupztegroup
R1(config-aaa-authen-template)#exit
R1(config)#aaa-authorization-template2001
R1(config-aaa-author-template)#aaa-authorization-typenone
R1(config-aaa-author-template)#exit
Thefollowingprovidesaglobal"enable"authenticationconīægurationmode,whichcanbe
settoaaamodeorlocalmode.Theaaamodemeansusingthe"enable"passwordsetby
theserver.
R1(config)#system-user
R1(config-system-user)#global-enable-typeaaaauthentication-template1
/*Configuresuser'senablecommandauthenticationmode.*/
R1(config-system-user)#exit
4-19
SJ-20140504150128-007|2014-05-10(R1.0)ZTEProprietaryandConīædential
To Next Page
Loading...
