The authentication-scheme command creates an authentication scheme and enters the authentication scheme view.
The undo authentication-scheme command cancels an authentication scheme.
By default, there are three authentication schemes named default (local radius authentication), default0 (local authentication) and default1 (radius authentication). Default authentication schemes can be modified but cannot be deleted.
Parameter | Description | Value |
---|---|---|
scheme-name | Specifies the name of an authentication scheme. | The value is a string of 1 to 32 case-insensitive characters. The name of an authentication scheme must comply with the naming criterion of Windows, that is, characters such as \, /, :, *, ?, ", \|, <, and > must be excluded from the name of an authentication scheme. |
Usage Scenario
You can configure up to 32 authentication schemes for the system.
Precautions
If the HWTACACS server is down, unreachable, or does not respond in time, command authorization fails and no user can execute such commands.
Command-line-based authorization is not associated with any authorization mode.
To configure command-line-based authorization for users at levels 3 to 15, the value of the privilege-level parameter in the authorization-cmd command depends on whether the command-privilege level rearrange command has been run in the system view. If it has not been run, set privilege-level to 3 for all such users. If it has been run, set privilege-level to the specific level at which the target users reside. For example, to configure HWTACACS authorization for users at level 4, run the authorization-cmd 3 hwtacacs command if the command-privilege level rearrange command has not been run, but run the authorization-cmd 4 hwtacacs command if it has been run.
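The privilege-level rule above can be checked against a saved configuration. The following is an added example, not part of the original documentation; it assumes the two commands appear as literal lines in the configuration text. The function names are hypothetical and the sample configurations are constructed.

```python
import re

# Matches the system-view command named on this page (an "undo" line will not match).
REARRANGE = re.compile(r"^\s*command-privilege level rearrange\s*$", re.M)
# Matches "authorization-cmd <privilege-level> hwtacacs", capturing the level.
AUTHZ_CMD = re.compile(r"^\s*authorization-cmd\s+(\d+)\s+hwtacacs\b", re.M)


def required_level(user_level, rearranged):
    """Return the privilege-level value authorization-cmd needs for a user level."""
    if not 3 <= user_level <= 15:
        raise ValueError("the rule on this page covers user levels 3 to 15 only")
    # Without rearrange, 3 is used for all such users; with it, the user's own level.
    return user_level if rearranged else 3


def audit(config_text, user_levels):
    """Report, per user level, the required value and whether it is configured."""
    rearranged = bool(REARRANGE.search(config_text))
    configured = {int(m.group(1)) for m in AUTHZ_CMD.finditer(config_text)}
    findings = {}
    for level in user_levels:
        need = required_level(level, rearranged)
        findings[level] = {"required": need, "present": need in configured}
    return rearranged, findings


# Constructed sample: rearrange not run, but the level was set to the user's level.
SAMPLE_NOT_REARRANGED = """\
authorization-cmd 4 hwtacacs
"""

# Constructed sample: rearrange run, authorization configured for level 4 only.
SAMPLE_REARRANGED = """\
command-privilege level rearrange
authorization-cmd 4 hwtacacs
"""

if __name__ == "__main__":
    for name, cfg in (("not rearranged", SAMPLE_NOT_REARRANGED),
                      ("rearranged", SAMPLE_REARRANGED)):
        rearranged, findings = audit(cfg, [4, 5])
        for level, f in findings.items():
            status = "ok" if f["present"] else "MISSING"
            print(f"{name}: level {level} needs authorization-cmd "
                  f"{f['required']} hwtacacs -> {status}")
```

A MISSING result means the configuration has no authorization-cmd line with the value this page prescribes for that user level.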