R2511-HP MSR Router Series Fundamentals Configuration Guide(V5)
29
• To make the command authorization or command accounting function take effect, apply an
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters.
• If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
RADIUS or HWTACACS server.
To configure scheme authentication for console login:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter console user interface
view.
user-interface console first-number
[ last-number ]
N/A
3. Enable scheme
authentication.
authentication-mode scheme
Whether local, RADIUS, or
HWTACACS authentication is
adopted depends on the configured
AAA scheme.
By default, console login users are
not authenticated.
4. Enable command
authorization.
command authorization
Optional.
By default, command authorization
is disabled. The commands
available for a user only depend on
the user privilege level.
If command authorization is
enabled, a command is available
only if the user has the
commensurate user privilege level
and is authorized to use the
command by the AAA scheme.