HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 35

Step 4. Enable command authorization. 5. Enable command accounting. 6. Exit to system view. 7. Apply an AAA authentication scheme to the intended domain. 8. Create a local user and enter local user view. Command command authorization command accounting quit a. Enter ISP domain view: domain domain-name b. Apply an AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] } c. Exit to system view: quit local-user user-name Remarks Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme. Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all commands executed by users, regardless of command execution results. This function helps control and monitor user behaviors on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server. N/A Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Security Configuration Guide. By default, no local user exists. 29