RBAC Configuration Example for RADIUS Authentication Users - HP 10500 Series Configuration Manual


[Switch-role-role1] vlan policy deny
[Switch-role-role1-vlanpolicy] permit vlan 10 to 20
[Switch-role-role1-vlanpolicy] quit
[Switch-role-role1] quit
# Create a device management user named user1 and enter its view.
[Switch] local-user user1 class manage
# Set a plaintext password aabbcc for the user.
[Switch-luser-manage-user1] password simple aabbcc
# Set the service type to Telnet.
[Switch-luser-manage-user1] service-type telnet
# Assign role1 to the user.
[Switch-luser-manage-user1] authorization-attribute user-role role1
# To make sure the user has only the permissions of role1, remove the user from the default user role network-operator.
[Switch-luser-manage-user1] undo authorization-attribute user-role network-operator
[Switch-luser-manage-user1] quit
Verifying the configuration
# Telnet to the switch, and enter the username and password to access the switch. (Details not shown.)
# Verify that you can create VLANs 10 to 20. This example uses VLAN 10.
<Switch> system-view
[Switch] vlan 10
[Switch-vlan10] quit
# Verify that you cannot create any VLANs other than VLANs 10 to 20. This example uses VLAN 30.
[Switch] vlan 30
Permission denied.
# Verify that you can use all read commands of any feature. This example uses display clock.
[Switch] display clock
09:31:56 UTC Tues 01/01/2013
[Switch] quit
# Verify that you cannot use the write or execute commands of any feature.
<Switch> debugging role all
Permission denied.
<Switch> ping 192.168.1.58
Permission denied.
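
The step that removes the default user role network-operator is easy to miss. The following offline check is an added example, not part of the HP manual. It lists device management users that hold a custom role but still keep network-operator. The saved-configuration layout (one-space indentation, "#" separators), the users user2 and user3, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the style of the commands on this page, not real device
# output. The indentation and "#" separators are an assumed saved-config layout.
SAMPLE_CONFIG = """\
local-user user1 class manage
 service-type telnet
 authorization-attribute user-role role1
#
local-user user2 class manage
 authorization-attribute user-role role1
 authorization-attribute user-role network-operator
#
local-user user3 class manage
 authorization-attribute user-role network-operator
"""

DEFAULT_ROLE = "network-operator"
USER_RE = re.compile(r"^local-user\s+(\S+)\s+class\s+manage\s*$")
ROLE_RE = re.compile(r"^\s+authorization-attribute\s+user-role\s+(\S+)\s*$")


def roles_by_user(config_text):
    """Map each device management user to the set of user roles assigned to it."""
    users, current = {}, None
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if m:
            current = m.group(1)
            users[current] = set()
        elif not line.startswith(" "):  # any other unindented line ends the block
            current = None
        elif current and (r := ROLE_RE.match(line)):
            users[current].add(r.group(1))
    return users


def users_with_leftover_default(config_text):
    """Users that hold a custom role but still also hold the default role."""
    return sorted(
        user for user, roles in roles_by_user(config_text).items()
        if DEFAULT_ROLE in roles and len(roles) > 1
    )


if __name__ == "__main__":
    for user in users_with_leftover_default(SAMPLE_CONFIG):
        print(f"{user}: still holds {DEFAULT_ROLE} in addition to a custom role")
```

A user that holds only network-operator (user3 in the sample) is not reported, because no custom role is being widened in that case.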

RBAC configuration example for RADIUS authentication users

Network requirements
The switch in Figure 25 uses the FreeRADIUS server at 10.1.1.1/24 to provide AAA service for login users, including the Telnet user at 192.168.1.58. This Telnet user uses the username hello@bbb and is assigned the user role role2.
This user role has the following permissions:
Performs all the commands in ISP view.