
Overview of Configuration Examples

Category

Scenario

Example

Authentication mode of administrators

Local authentication:

No authentication server is deployed on the network, and users are authenticated locally.

Example for Configuring Local Authentication and User Level Authorization for Administrators

RADIUS or RADIUS+local authentication:

If a RADIUS authentication server is deployed on the network, you can configure RADIUS authentication. The RADIUS authentication server creates and maintains user information in a unified manner. When the RADIUS authentication server does not respond, the device performs local authentication on users based on the local authentication configuration. This prevents user authentication failures when the connection between the device and RADIUS authentication server times out.

Example for Configuring RADIUS+Local Authentication and User Level Authorization for Administrators

HWTACACS or HWTACACS+local authentication:

If an HWTACACS authentication server is deployed on the network, you can configure HWTACACS authentication. The HWTACACS authentication server creates and maintains user information in a unified manner. When the HWTACACS authentication server does not respond, the device performs local authentication on users based on the local authentication configuration. This prevents user authentication failures when the connection between the device and HWTACACS authentication server times out.

Example for Configuring HWTACACS+Local Authentication and User Level Authorization for Administrators

Access mode of administrators

Managing files using SFTP

Example for Managing Files Using SFTP

Logging in to the device through the web system

Example for Configuring Switch Login Through the Web System

Logging in to the device through a console port

Example for Configuring Switch Login Through a Console Port

Privilege levels of administrators

The following privilege-level authorization modes are supported:

  • If non-authentication is used, the administrator privilege level is configured using the user privilege command in the VTY interface view.
  • If local authentication is used, the administrator privilege level is configured using the local-user privilege level command.
  • If remote authentication is used, the administrator privilege level is taken from the following sources, listed in descending order of priority:
    1. User privilege level sent from the server to the switch after the authentication is successful
    2. Administrator privilege level configured using the admin-user privilege level command in a service scheme
    3. User privilege level configured using the user privilege command in the VTY interface view
  • If both remote authentication and local authentication are configured for a user, with remote authentication configured first and local authentication second, the administrator privilege level is taken from the following sources, listed in descending order of priority:
    1. User privilege level sent from the server to the switch after the authentication is successful
    2. Local user privilege level configured using the local-user privilege level command

      NOTE:

      User privilege level if remote authentication and authorization are used:

      • The RADIUS attribute HW-Exec-Privilege (26-29) is used to authorize the user privilege level.
      • The RADIUS attribute HW-User-Policy (26-146) is used to authorize a service scheme, and the user privilege level is configured in the service scheme on the device.

In the following examples, only the user privilege level for local authentication needs to be configured on the device. In remote authentication, the user privilege level needs to be configured on the server.

Changing the privilege level for administrators

The super command is used to change the privilege level from a higher level to a lower level or from a lower level to a higher level.

Example for Configuring HWTACACS+Local Authentication and User Level Authorization for Administrators

HWTACACS command authorization

HWTACACS command authorization is supported. When the HWTACACS server does not respond, local authorization is used.

Example for Configuring HWTACACS+Local Authentication, Command Authorization, and Command Auditing for Administrators

Command execution records

Command execution records can be viewed on the HWTACACS server.

Example for Configuring HWTACACS+Local Authentication, Command Authorization, and Command Auditing for Administrators
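The privilege-level sources listed under "Privilege levels of administrators" above, shown together in one configuration sketch. This is an added example, not taken from the linked configuration examples; the names sch_auth, sch_admin, rad_tmpl and admin1, the chosen levels, and the password placeholder are assumptions, and lines starting with "#" are annotations for the reader, not commands.

```text
# Assumed setup: RADIUS first, local authentication as fallback.
aaa
 authentication-scheme sch_auth
  authentication-mode radius local
#
# Remote authentication, source 2: level set in a service scheme.
# Used when the server authenticates the user but returns no level,
# or when the server selects this scheme with HW-User-Policy (26-146).
 service-scheme sch_admin
  admin-user privilege level 3
#
 domain default_admin
  authentication-scheme sch_auth
  service-scheme sch_admin
  radius-server rad_tmpl
#
# Local authentication: level bound to the local account.
# Applies when the RADIUS server does not respond and the device
# authenticates admin1 locally.
 local-user admin1 password irreversible-cipher <placeholder-password>
 local-user admin1 privilege level 15
 local-user admin1 service-type ssh
#
# Remote authentication, source 3 (lowest priority): level on the
# VTY interface. Kept low here (assumed value) so that a session
# with no server-sent or scheme level does not receive a high level.
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 1
 protocol inbound ssh
#
# Remote authentication, source 1 (highest priority) is not configured
# on the device: the server returns it in HW-Exec-Privilege (26-29)
# after successful authentication, and it overrides all levels above.
```

When auditing a device, compare the level a session actually holds against each of these sources in priority order; a high local-user level only matters on the fallback path, so it is easy to overlook until the server is unreachable.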

Copyright © Huawei Technologies Co., Ltd.