Table of Contents
Advertisement
Displaying Authorization Information
You can show the authorization information by entering this command:
Syntax: show authorization
Configures authorization for controlling access to CLI
commands. When enabled, the switch checks the list of commands
supplied by the RADIUS server during user authentication to
determine if a command entered by the user can be executed.
An example of the output is shown.
ProCurve(config)# show authorization
Status and Counters - Authorization Information
Type
| Method
-------- + -----
-
Commands | RADIUS
Figure 5-8. Example of Show Authorization Command
Configuring Commands Authorization on a RADIUS
Server
Using Vendor Specific Attributes (VSAs)
Some RADIUS-based features implemented on ProCurve switches use HP
VSAs for information exchange with the RADIUS server. RADIUS Access-
Accept packets sent to the switch may contain the vendor-specific informa
tion. The attributes supported with commands authorization are:
HP-Command-String: List of commands (regular expressions) that
■
are permitted (or denied) execution by the user. The commands are
delimited by semi-colons and must be between 1 and 249 characters
in length. Multiple instances of this attribute may be present in
Access-Accept packets. (A single instance may be present in
Accounting-Request packets.)
HP-Command-Exception: A flag that specifies whether the
■
commands indicated by the HP-Command-String attribute are
permitted or denied to the user. A zero (0) means permit all listed
commands and deny all others; a one (1) means deny all listed
commands and permit all others.
RADIUS Authentication and Accounting
Commands Authorization
5-25
Hide quick links:
Advertisement
Table of Contents
