Assigning User Roles To Remote Aaa Authentication Users; Assigning User Roles To Local Aaa Authentication Users - HP 6125XLG Configuration Manual

Blade switch fundamentals configuration guide

Hide thumbs Also See for 6125XLG:

Layer 3 - ip routing configuration manual (492 pages)

Command reference manual (466 pages)

Configuration manual (414 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

Table of Contents

Step

Enter system view.

Enable the default user role

function.

Assigning user roles to remote AAA authentication users

For remote AAA authentication users, user roles are configured on the remote authentication server. For

information about configuring user roles for RADIUS users, see the RADIUS server documentation. For

HWTACACS users, the role configuration must use the roles="role- 1 role-2 ... role-n" format, where user

roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level- 1 ,

and level-2 to an HWTACACS user.

If the AAA server assigns the security-audit user role and other user roles to the same user, only the

security-audit user role takes effect.

NOTE:

To be compatible with privilege-based access control, the device automatically converts privilege-based

•

user levels (0 to 15) assigned by an AAA server to RBAC user roles (level-0 to level-15).

•

If the AAA server assigns a privilege-based user level and a user role to a user, the user can use the

collection of commands and resources accessible to both the user level and the user role.

Assigning user roles to local AAA authentication users

Configure user roles for local AAA authentication users in their local user accounts. Every local user has

a default user role. If this default user role is not suitable, delete it.

If the device has local users authorized the security-audit user role, you cannot delete the last local user

who has that user role.

The security-audit user role is mutually exclusive with other user roles.

When you assign the security-audit user role to a local user, the system asks for your confirmation

•

to delete all the other user roles of the local user first.

•

When you assign the other user roles to a local user who has been assigned the security-audit user

role, the system asks for your confirmation to delete the security-audit user role for the local user first.

To assign a user role to a local user:

Step

Enter system view.

Create a local user and

enter local user view.

Command

system-view

role default-role enable

Command

system-view

local-user user-name class

{ manage | network }

Remarks

N/A

The default user role function is

disabled.

If the none authorization method is

used for local users, you must enable

the default user role function.

Remarks

N/A

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Assigning User Roles To Remote Aaa Authentication Users; Assigning User Roles To Local Aaa Authentication Users - HP 6125XLG Configuration Manual

Assigning user roles to remote AAA authentication users

Assigning user roles to local AAA authentication users

Hide quick links:

Troubleshooting

Related Manuals for HP 6125XLG

Related Content for HP 6125XLG

Table of Contents