Rbac Configuration Example For Hwtacacs Authentication Users - HP 5920 series Fundamentals Configuration Manual

[Switch] vlan 10
[Switch-vlan10] quit
[Switch] vlan 30
Permission denied.
# Verify that you cannot configure any interface except Ten-GigabitEthernet 1/0/1 to
Ten-GigabitEthernet 1/0/20. Take Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/22 as
examples.
[Switch] vlan 10
[Switch-vlan10] port ten-gigabitethernet 1/0/2
[Switch-vlan10] port ten-gigabitethernet 1/0/22
Permission denied.
RBAC configuration example for HWTACACS authentication
users
Network requirements
As shown in
Telnet user uses the username test@bbb and is assigned the user role level-0.
Configure the remote-then-local authentication mode for temporary user role authorization. The switch
uses the HWTACACS server to provide authentication for obtaining the level-3 user role. If the AAA
configuration is invalid or the HWTACACS server does not respond, the switch performs local
authentication.
Figure 22 Network diagram
Configuration procedure
1. Configure the switch:
# Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user).
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Assign an IP address to VLAN-interface 3 (the interface connected to the HWTACACS server).
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0
[Switch-Vlan-interface3] quit
Figure 22, the switch uses local authentication for login users, including the Telnet user. The
66