[x]

Login management commands > authentication-mode

 

 Next

authentication-mode

Use authentication-mode to set the authentication mode for a user line.

Use undo authentication-mode to restore the default.

Syntax

In non-FIPS mode:

authentication-mode { none | password | scheme }

undo authentication-mode

In FIPS mode:

authentication-mode scheme

undo authentication-mode

Default

In non-FIPS mode, the authentication mode is password for VTY lines, and none for AUX lines.

In FIPS mode, the authentication mode is scheme.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

none: Disables authentication.

password: Performs local password authentication.

scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.

Usage guidelines

When the authentication mode is none, any user can log in without authentication. To improve device security, use the password or scheme authentication mode.

In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable the none authentication mode for user line VTY 0.

<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode none

# Enable password authentication for user line VTY 0 and set the password to 321.

<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple 321

# Enable scheme authentication for user line VTY 0, set the username to 123 and the password to 321, and authorize the Telnet service and network-admin user role to the user.

<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode scheme
[Sysname-line-vty0] quit
[Sysname] local-user 123
[Sysname-luser-manage-123] password simple 321
[Sysname-luser-manage-123] service-type telnet
[Sysname-luser-manage-123] authorization-attribute user-role network-admin

Related commands

set authentication password

prev

 

up

 next

activation-key 

home

 auto-execute command

© Copyright 2016, 2017 Hewlett Packard Enterprise Development LP