authentication-mode
Use authentication-mode to set the authentication mode for a user line.
Use undo authentication-mode to restore the default.
Syntax
In non-FIPS mode:
authentication-mode { none | password | scheme }
undo authentication-mode
In FIPS mode:
authentication-mode scheme
undo authentication-mode
Default
In non-FIPS mode, the authentication mode is password for VTY lines, and none for AUX lines.
In FIPS mode, the authentication mode is scheme.
Views
User line view, user line class view
Predefined user roles
network-admin
mdc-admin
Parameters
none: Disables authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.
Usage guidelines
When the authentication mode is none, any user can log in without authentication. To improve device security, use the password or scheme authentication mode.
In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
Examples
# Enable the none authentication mode for user line VTY 0.
<Sysname> system-view [Sysname] line vty 0 [Sysname-line-vty0] authentication-mode none
# Enable password authentication for user line VTY 0 and set the password to 321.
<Sysname> system-view [Sysname] line vty 0 [Sysname-line-vty0] authentication-mode password [Sysname-line-vty0] set authentication password simple 321
# Enable scheme authentication for user line VTY 0, set the username to 123 and the password to 321, and authorize the Telnet service and network-admin user role to the user.
<Sysname> system-view [Sysname] line vty 0 [Sysname-line-vty0] authentication-mode scheme [Sysname-line-vty0] quit [Sysname] local-user 123 [Sysname-luser-manage-123] password simple 321 [Sysname-luser-manage-123] service-type telnet [Sysname-luser-manage-123] authorization-attribute user-role network-admin
Related commands
set authentication password