Configuring Command Authorization; Configuration Procedure - HP 5130 EI series Configuration Manual
Hide thumbs
Also See for 5130 EI series:
- Installation manual (70 pages) ,
- Configuration manual (64 pages) ,
- Configuration manual (171 pages)
Table of Contents
Advertisement
Figure 21 Network diagram
Configuration procedure
# Create an ACL to permit packets sourced from Host A and Host B.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Configuring command authorization
By default, commands are available for a user depending only on that user's user roles. When the
authentication mode is scheme, you can configure the command authorization function to further control
access to commands.
After you enable command authorization, a command is available for a user only if the user meets the
following conditions:
•
Has the commensurate user role.
Authorized to use the command by the AAA scheme.
•
This section provides the procedure for configuring command authorization. To make the command
authorization function take effect, you must configure a command authorization method in ISP domain
view. For more information, see Security Configuration Guide.
Configuration procedure
To configure command authorization:
Step
1.
Enter system view.
Command
system-view
41
Remarks
N/A
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
