HP 5120 series Configuration Manual page 26

Gigabit ethernet switches
Setting the authentication mode for user privilege level switch
A user can switch to a privilege level equal to or lower than the current one unconditionally and is not
required to input a password (if any).
For security, a user is required to input the password (if any) to switch to a higher privilege level. The
authentication falls into one of the following four categories:
| Authentication mode | Meaning | Description |
|---|---|---|
| local | Local password authentication | The switch authenticates a user by using the privilege level switch password input by the user. When this mode is applied, you need to set the password for privilege level switch with the super password command. |
| scheme | Remote AAA authentication through HWTACACS or RADIUS | The switch sends the username and password for privilege level switch to the HWTACACS or RADIUS server for remote authentication. When this mode is applied, you need to perform the following configurations: Configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain. For more information, see the Security Configuration Guide. Create the corresponding user and configure password on the HWTACACS or RADIUS server. |
| local scheme | Performs the local password authentication first and then the remote AAA authentication | The switch authenticates a user by using the local password first. If no local password is set, the privilege level is switched directly for the users logged in from the AUX port, and remote AAA authentication is performed on the users logged in from VTY user interfaces. |
| scheme local | Performs remote AAA authentication first and then the local password authentication | AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the switch is invalid, the local password authentication is performed. |

Follow these steps to set the authentication mode for user privilege level switch:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Set the authentication mode for user privilege level switch | super authentication-mode { local \| scheme } * | Optional. local by default. |
| Configure the password for user privilege level switch | In non-FIPS mode: super password [ level user-level ] [ hash ] { cipher \| simple } password | Required if the authentication mode is set to local. By default, no privilege level switch password is configured. |
| | In FIPS mode: super password [ level user-level ] { cipher \| simple } password | |
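
The following check is an added example, not part of the HP manual: a Python audit that reads a saved configuration and reports how the privilege level switch is protected under the four modes described above. It assumes the configuration file shows the super authentication-mode and super password lines in the same form as the commands on this page; audit_super, the "unspecified" level marker and the sample configurations are constructed for illustration.

```python
import re

# Command forms come from this page; that a saved configuration shows them
# in this same form is an assumption of this example.
MODE_RE = re.compile(r"^\s*super authentication-mode\s+(.+?)\s*$")
PASS_RE = re.compile(
    r"^\s*super password(?:\s+level\s+(\d+))?\s+(?:hash\s+)?(?:cipher|simple)\s+\S+")
REMOTE = {"scheme", "local scheme", "scheme local"}

def audit_super(config_text):
    """Return (mode, levels_with_password, findings) for one configuration."""
    mode = "local"      # the page: the mode is local by default
    levels = set()      # levels that have a privilege level switch password
    for line in config_text.splitlines():
        m, p = MODE_RE.match(line), PASS_RE.match(line)
        if m:
            mode = " ".join(m.group(1).split())
        elif p:
            levels.add(p.group(1) or "unspecified")
    findings = []
    if mode != "local" and mode not in REMOTE:
        findings.append(f"unrecognised authentication mode: {mode!r}")
    if mode == "local" and not levels:
        findings.append("mode is local but no super password is configured "
                        "(required in this mode)")
    if mode == "local scheme" and not levels:
        findings.append("local scheme with no local password: AUX users "
                        "switch level directly, VTY users go to remote AAA")
    if mode == "scheme local" and not levels:
        findings.append("scheme local: the local check used when the server "
                        "does not respond has no password configured")
    if mode in REMOTE:
        findings.append("remote AAA in use: confirm the HWTACACS/RADIUS scheme "
                        "is referenced in the ISP domain and the user exists "
                        "on the server")
    return mode, levels, findings

# Constructed sample configurations (not taken from a real device).
SAMPLES = {
    "default": "sysname sw1\nuser-interface vty 0 4\n",
    "local-scheme-no-pw": "super authentication-mode local scheme\n",
    "scheme-local-with-pw": "super authentication-mode scheme local\n"
                            "super password level 3 cipher EXAMPLE-CIPHERTEXT\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *audit_super(text), sep="\n  ")
```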
