Configuration procedure
To configure command authorization:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter user line view or user line class view. |
| A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view. A setting in user line class view does not take effect for current online users. It takes effect only for new login users. |
3. Enable scheme authentication. | authentication-mode scheme | In non-FIPS mode, authentication is disabled for AUX lines, and password authentication is enabled for VTY lines by default. In FIPS mode, scheme authentication is enabled by default. In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view. |
4. Enable command authorization. | command authorization | By default, command authorization is disabled, and the commands available for a user only depend on the user role. If the command authorization command is configured in user line class view, command authorization is enabled on all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class. |