
authentication-scheme (AAA view)

Function

The authentication-scheme command creates an authentication scheme and displays its view.

The undo authentication-scheme command deletes an authentication scheme.

By default, the default authentication scheme is used. This default authentication scheme can be modified but cannot be deleted. In the default authentication scheme:
  • Local authentication is used.
  • The offline policy is used for authentication failures.

The device provides the following default authentication schemes: admin_local, admin_radius_local, admin_hwtacacs_local, admin_ad_local, admin_ldap_local, admin_radius, admin_hwtacacs, admin_ad, and admin_ldap. They are used for configuring administrator authentication on the web UI and cannot be deleted or modified.

Format

authentication-scheme scheme-name

undo authentication-scheme scheme-name

Parameters

Parameter: scheme-name

Description: Specifies the name of an authentication scheme.

Value: The value is a string of 1 to 32 case-sensitive characters. It cannot contain spaces or the following symbols: \, /, :, *, ?, ", <, >, and |.

Views

AAA view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To authenticate users, run the authentication-scheme command to create an authentication scheme. An authentication scheme must be created before any authentication-related configuration is performed.

Follow-up Procedure

After an authentication scheme is created, run the authentication-mode (authentication scheme view) command to configure an authentication mode in an authentication scheme.

After an authentication scheme is configured, run the authentication-scheme (AAA domain view) command to apply the authentication scheme to a domain.

Precautions

If the specified authentication scheme does not exist, the authentication-scheme command creates it and displays the authentication scheme view. If the specified authentication scheme already exists, the authentication-scheme command directly displays the authentication scheme view.

To delete an authentication scheme applied to a domain, run the undo authentication-scheme (AAA domain view) command.

Example

# Create an authentication scheme named newscheme.

<sysname> system-view
[sysname] aaa
[sysname-aaa] authentication-scheme newscheme
[sysname-aaa-authen-newscheme]

# Access the default authentication scheme view.

<sysname> system-view
[sysname] aaa
[sysname-aaa] authentication-scheme default
[sysname-aaa-authen-default]
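
# Added example (not part of the original page or of Huawei's documentation): an offline check of a configuration template that separates authentication-scheme in the AAA view (defines a scheme) from authentication-scheme in the AAA domain view (applies one), and enforces the naming rule above. The indented text layout, the sample configuration, and the finding labels are assumptions made for illustration.

```python
import re

# Schemes the page says exist by default (they need no definition in the config).
BUILTIN = {"default", "admin_local", "admin_radius_local", "admin_hwtacacs_local",
           "admin_ad_local", "admin_ldap_local", "admin_radius", "admin_hwtacacs",
           "admin_ad", "admin_ldap"}
# Naming rule from the Parameters section: 1 to 32 characters, no spaces,
# none of \ / : * ? " < > |
NAME_RE = re.compile(r'[^\s\\/:*?"<>|]{1,32}')

# Constructed sample; the indented layout is an assumption about saved config text.
SAMPLE = """\
aaa
 authentication-scheme newscheme
 authentication-scheme branch:vpn
 authentication-scheme spare
 domain corp
  authentication-scheme newscheme
 domain guest
  authentication-scheme Newscheme
"""

def audit(config):
    defined, applied, findings = set(), {}, []
    domain = None
    for line in config.splitlines():
        indent = len(line) - len(line.lstrip(" "))
        words = line.split(None, 1)
        if len(words) != 2:
            continue
        keyword, arg = words[0], words[1].strip()
        if indent == 1:                      # directly under "aaa": AAA view
            domain = arg if keyword == "domain" else None
            if keyword == "authentication-scheme":
                defined.add(arg)             # AAA view: defines a scheme
                if not NAME_RE.fullmatch(arg):
                    findings.append(("invalid-name", arg))
        elif indent == 2 and domain and keyword == "authentication-scheme":
            applied[domain] = arg            # AAA domain view: applies a scheme
    for dom, scheme in sorted(applied.items()):
        if scheme not in defined | BUILTIN:  # names are case-sensitive
            findings.append(("undefined-scheme", f"{dom} -> {scheme}"))
    for scheme in sorted(defined - set(applied.values())):
        findings.append(("unapplied-scheme", scheme))
    return findings
```

# On the constructed sample, audit(SAMPLE) reports the colon in branch:vpn, the case mismatch between Newscheme and newscheme, and the schemes that were created but never applied to a domain.
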
Copyright © Huawei Technologies Co., Ltd.