Assigning User Roles; Enabling The Default User Role Feature; Assigning User Roles To Remote Aaa Authentication Users - HP 5130 EI series Configuration Manual

Hide thumbs Also See for 5130 EI series:

Installation manual (70 pages)

Configuration manual (64 pages)

Configuration manual (171 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

Table of Contents

Step

Enter user role VLAN policy

view.

(Optional.) Specify a list of

VLANs accessible to the

user role.

Assigning user roles

To control user access to the system, you must assign a minimum of one user role. Make sure a minimum

of one user role among the user roles assigned by the server exists on the device. User role assignment

procedure varies for remote AAA authentication users, local AAA authentication users, and non-AAA

authentication users (see

Security Configuration Guide.

Enabling the default user role feature

The default user role feature allows AAA-authenticated users to access the system if the AAA server does

not authorize any user roles to the users.

You can configure this feature to enable an AAA-authenticated user that has not been assigned any user

role to log in with the default user role network-operator.

To enable the default user role feature for AAA authentication users:

Step

Enter system view.

Enable the default user role

feature.

Assigning user roles to remote AAA authentication users

For remote AAA authentication users, user roles are configured on the remote authentication server. For

information about configuring user roles for RADIUS users, see the RADIUS server documentation. For

HWTACACS users, the role configuration must use the roles="role- 1 role-2 ... role-n" format, where user

roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level- 1 ,

and level-2 to an HWTACACS user.

If the AAA server assigns the security-audit user role and other user roles to the same user, only the

security-audit user role takes effect.

Command

vlan policy deny

permit vlan vlan-id-list

"Assigning user

roles"). For more information about AAA authentication, see

Command

system-view

role default-role enable

Remarks

By default, the VLAN policies of user

roles permit access to all VLANs.

This command disables the access of

the user role to any VLAN.

By default, no accessible VLANs are

configured.

To add more accessible VLANs,

repeat this step.

Remarks

N/A

By default, the default user role feature

is disabled.

If the none authorization method is

used for local users, you must enable

the default user role feature.

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Assigning User Roles; Enabling The Default User Role Feature; Assigning User Roles To Remote Aaa Authentication Users - HP 5130 EI series Configuration Manual

Assigning user roles

Enabling the default user role feature

Assigning user roles to remote AAA authentication users

Hide quick links:

Troubleshooting

Related Manuals for HP 5130 EI series

Related Content for HP 5130 EI series

Table of Contents