HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 42

Step Command Remarks 5. Enable command authorization. command authorization Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme. 6. Enable command accounting. command accounting 7. Exit to system view. quit Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This function helps control and monitor user behaviors on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server. N/A 8. Apply an AAA authentication scheme to the intended domain. a. Enter ISP domain view: domain domain-name b. Apply an AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] } c. Exit to system view: quit Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Security Configuration Guide. 36