Configuring Authorization With Aaa - HP ProCurve 7000dl Series Basic Management And Configuration Manual
Procurve 7000dl series secure router
Hide thumbs
Also See for ProCurve 7000dl Series:
- Quickspecs (18 pages) ,
- Basic management and configuration manual (817 pages)
Table of Contents
Advertisement
Controlling Management Access to the ProCurve Secure Router
Quick Start
2-72
Configuring Authorization with AAA
Configuring authorization with AAA includes two basic steps:
Define a named list for authorization. You can define a named list to
authorize users to:
•
access the basic mode context or the enable mode context
•
immediately enter the enable mode context when they start a new CLI
session
Assign the named list to a line configuration mode context.
Of course, the AAA subsystem must be enabled, and the TACACS+ server must
be defined.
1.
To create a named list to authorize access to the basic or enable mode
context, enter the following command from the global configuration mode
context:
Syntax: aaa authorization commands [1 | 15] [default | <named list>] group
[tacacs+ | <group name>] [if-authenticated | none]
Include 1 or 15 to specify the level of commands for which you want to
configure authorization: 1 is for unprivileged access, or basic mode, and
15 is for privileged access, or the enable mode.
Specify the default authorization list, or replace <named list> to create
a named list.
Use the group tacacs+ option to specify the default group of TACACS+
servers. Use the group <group name> if you have created a group of
TACACS+ servers.
Include the if-authenticated option to authorize authenticated users.
Use the none option if authorization is not required. You may want to
enter none as a second option. That way, if the ProCurve Secure Router
cannot contact the TACACS+ server, you will still be able to configure the
router.
2.
To configure an authorization list for an exec shell, which allows an
authenticated user to enter directly into the enable mode context when
that user starts a new CLI session, enter the following command from the
global configuration mode context:
Syntax: aaa authorization exec [default | <named list>] [none | if-authenticated]
[group {tacacs+ | <group name>}]
Specify the default authorization list, or replace <named list> with the
name of an authorization list.
- Quick Links:
- Procurve Secure Router
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
