HP 5920 series Fundamentals Configuration Manual page 4

Controlling user access ·············································································································································· 40
FIPS compliance ····························································································································································· 40
Controlling Telnet/SSH logins ······································································································································ 40
Configuration procedures ····································································································································· 40
Configuration example ········································································································································· 41
Controlling SNMP access·············································································································································· 41
Configuration procedure ······································································································································ 41
Configuration example ········································································································································· 42
Configuring command authorization ··························································································································· 43
Configuration procedure ······································································································································ 43
Configuration example ········································································································································· 44
Configuring command accounting ······························································································································· 46
Configuration procedure ······································································································································ 46
Configuration example ········································································································································· 47
Configuring RBAC ······················································································································································ 50
Overview ········································································································································································· 50
Permission assignment ·········································································································································· 50
User role assignment ············································································································································· 52
FIPS compliance ····························································································································································· 53
Configuration task list ···················································································································································· 53
Creating user roles ························································································································································· 53
Configuring user role rules ············································································································································ 54
Configuration restrictions and guidelines ··········································································································· 54
Configuration procedure ······································································································································ 54
Configuring feature groups ··········································································································································· 55
Configuring resource access policies ·························································································································· 55
Configuring the interface policy of a user role ·································································································· 56
Configuring the VLAN policy of a user role ······································································································· 56
Configuring the VPN instance policy of a user role ·························································································· 56
Assigning user roles ······················································································································································· 57
Enabling the default user role feature ················································································································· 57
Assigning user roles to remote AAA authentication users ················································································ 57
Assigning user roles to local AAA authentication users ···················································································· 58
Assigning user roles to non-AAA authentication users on user lines ······························································· 58
Configuring temporary user role authorization ·········································································································· 59
Configuration guidelines ······································································································································ 59
Configuring user role authentication ··················································································································· 60
Obtaining temporary user role authorization ···································································································· 61
Displaying RBAC settings ·············································································································································· 61
RBAC configuration examples ······································································································································ 61
RBAC configuration example for local AAA authentication users ··································································· 61
RBAC configuration example for RADIUS authentication users ······································································· 63
RBAC configuration example for HWTACACS authentication users ······························································ 66
Troubleshooting RBAC ··················································································································································· 69
Local users have more access permissions than intended ················································································ 69
Login attempts by RADIUS users always fail ······································································································ 70
Configuring FTP ·························································································································································· 71
FIPS compliance ····························································································································································· 71
Using the device as an FTP server ································································································································ 71
Configuring basic parameters ····························································································································· 72
Configuring authentication and authorization ··································································································· 72
Manually releasing FTP connections ··················································································································· 73
Displaying and maintaining the FTP server ········································································································ 73
ii