HP FlexFabric 7900 Series Configuration Manual page 59

To enable users to obtain temporary user roles, you must configure user role authentication. Table 10 describes the available authentication modes and configuration requirements.

Local password authentication is available for all user roles, but remote AAA authentication is available only for level-n user roles.

If HWTACACS authentication is used, use a user account that has the target user role level or a user role level higher than the target user role. For example, if the user account test has the user role level-3, you can use this user account to obtain the authorization of the level-0, level-1, level-2, or level-3 user role. When you use this method, you must enter the correct username and password to pass authentication.

If RADIUS authentication is used, you must create a user account for each level-n user role in the $enabn$ format or the $enabn$@domain-name format, where n represents the user role level. When you use this method, the username you enter is ignored. You can pass authentication as long as the password is correct.

If you execute the quit command after obtaining user role authorization, you are logged out of the device.
Table 10 User role authentication modes

| Keywords | Authentication mode | Description |
| --- | --- | --- |
| local | Local password authentication only (local-only) | The device uses the locally configured password for authentication. If no local password is configured for a user role in this mode, an AUX user can obtain the user role authorization by either entering a string or not entering anything. |
| scheme | Remote AAA authentication through HWTACACS or RADIUS (remote-only) | The device sends the username and password to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: configure the required HWTACACS or RADIUS scheme, and configure the ISP domain to use the scheme for the user (for more information, see Security Configuration Guide); add the user account and password on the HWTACACS or RADIUS server. |
| local scheme | Local password authentication first, and then remote AAA authentication (local-then-remote) | Local password authentication is performed first. If no local password is configured for the user role in this mode, the device performs remote AAA authentication for VTY users, and an AUX user can obtain user role authorization by either entering a string or not entering anything. |
| scheme local | Remote AAA authentication first, and then local password authentication (remote-then-local) | Remote AAA authentication is performed first. If the HWTACACS or RADIUS server does not respond, or the remote AAA configuration on the device is invalid, local password authentication is performed. |
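
The Table 10 rules can be checked against a saved configuration. The audit script below is an added example, not taken from the HP manual: it assumes the command forms `super authentication-mode <keywords>` and `super password role <role> ...`, which this page does not show, and it runs on a constructed sample configuration.

```python
import re

# Constructed sample configuration. The command forms are an assumption;
# this manual page lists only the mode keywords (local, scheme).
SAMPLE_CONFIG = """\
super authentication-mode local scheme
super password role level-3 hash $h$6$CONSTRUCTED
super password role network-operator hash $h$6$CONSTRUCTED
"""

LEVEL_ROLE = re.compile(r"level-\d+$")  # level-n roles, e.g. level-3

def parse(config):
    """Return (mode keywords tuple, set of roles that have a local password)."""
    mode, roles = (), set()
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["super", "authentication-mode"]:
            mode = tuple(words[2:])
        elif words[:3] == ["super", "password", "role"] and len(words) > 3:
            roles.add(words[3])
    return mode, roles

def audit(config, target_roles):
    """Check each role that users may switch to against the Table 10 rules."""
    mode, with_pw = parse(config)
    if not mode:
        return ["no explicit 'super authentication-mode' keywords found"]
    findings = []
    for role in target_roles:
        # 'local' and 'local scheme' both try the local password first.
        if mode[0] == "local" and role not in with_pw:
            findings.append(f"{role}: no local password; an AUX user obtains "
                            "this role with any or no input")
        # Remote AAA is available only for level-n user roles.
        if "scheme" in mode and not LEVEL_ROLE.match(role):
            findings.append(f"{role}: remote AAA covers only level-n roles")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["level-3", "level-15", "network-admin"]):
        print(finding)
```

Any role reported as lacking a local password under a local-first mode should get one before console (AUX) access is relied on as a control.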