Configuring Command Accounting; Configuration Procedure - HP 10500 Series Configuration Manual
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
[Device] local-user monitor
[Device-luser-admin] password cipher 123
[Device-luser-admin] service-type telnet
[Device-luser-admin] authorization-attribute user-role level-1
Configuring command accounting
Command accounting allows the HWTACACS server to record all executed commands that are
supported by the device, regardless of the command execution result. This feature helps control and
monitor user behavior on the device.
When command accounting is disabled, the accounting server does not record the commands executed
by users. If command accounting is enabled but command authorization is not, every executed
command is recorded on the HWTACACS server. If both command accounting and command
authorization are enabled, only authorized commands that are executed are recorded on the
HWTACACS server.
The command accounting method can be the same as or different from the command authorization
method and user login authorization method.
This section provides only the procedure for configuring command accounting. To make the command
accounting feature take effect, you must configure a command accounting method in ISP domain view.
For more information, see Security Configuration Guide.
Configuration procedure
To configure command accounting:
Step
1.
Enter system view.
2.
Enter user line view or
user line class view.
3.
Enable scheme
authentication.
Command
system-view
•
Enter user line view:
line { first-number1
[ last-number1 ] | { aux |
vty } first-number2
[ last-number2 ] }
•
Enter user line class view:
line class { aux | vty }
authentication-mode scheme
72
Remarks
N/A
A setting in user line view is applied only to
the user line. A setting in user line class
view is applied to all user lines of the class.
A non-default setting in either view takes
precedence over a default setting in the
other view. A non-default setting in user
line view takes precedence over a
non-default setting in user line class view.
A setting in user line class view takes effect
only for users who log in after the
configuration is completed. It does not
affect online users.
By default, authentication is disabled for
the AUX line.
In VTY line view, this command is
associated with the protocol inbound
command. If you specify a non-default
value for only one of the two commands in
VTY line view, the other command uses the
default setting, regardless of the setting in
VTY line class view.
Advertisement
Table of Contents
Troubleshooting
