Configuring Temporary User Role Authorization; Configuration Guidelines - HP 5130 EI series Configuration Manual


Step 2. Enter user line view or user line class view.
  Command:
    Enter user line view:
      line { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
    Enter user line class view:
      line class { aux | vty }
  Remarks:
    For information about the priority order and application scope of the configurations in user line view and user line class view, see "Logging in to the CLI."

Step 3. Specify a user role on the user line.
  Command:
    user-role role-name
  Remarks:
    Repeat this step to specify up to 64 user roles on a user line.
    By default, network-admin is specified on the AUX user line, and network-operator is specified on any other user line.
    The device does not assign the security-audit user role to the users who are logged in to the device through the current user line.

Configuring temporary user role authorization

Temporary user role authorization allows you to obtain another user role without reconnecting to the device. This feature is useful when you want to use a user role temporarily to configure a feature.
Temporary user role authorization is effective only on the current login. It does not change the user role settings in the user account that you logged in with. The next time you log in with that user account, the original user role settings take effect.

Configuration guidelines

When you configure temporary user role authorization, follow these guidelines:
- To enable users to obtain another user role without reconnecting to the device, you must configure user role authentication. Table 10 describes the available authentication modes and configuration requirements.
- If HWTACACS authentication is used, the following rules apply:
  - The device uses the entered username and password to request role authentication, and it sends the username to the server in the format username or username@domain-name. Whether the domain name is included in the username depends on the user-name-format command in the HWTACACS scheme.
  - To obtain a level-n user role, the user account on the server must have the target user role level or a user role level higher than the target user role. A user account that obtains the level-n user role can obtain any user role among level 0 through level-n.
  - To obtain a non-level-n user role, make sure the user account on the server meets the following requirements:
    - The account has a user privilege level.
    - The HWTACACS custom attribute is configured for the account in the form of allowed-roles="role". The variable role represents the target user role.
- If RADIUS authentication is used, the following rules apply:
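
For the HWTACACS case described in the configuration guidelines, the rules can be applied to a server-side account export to find which accounts are able to obtain a sensitive role through temporary authorization. The following Python is an added example, not part of the HP manual; the account field names (privilege_level, custom_attributes), the sample accounts, and the level numbers are constructed assumptions.

```python
import re

LEVEL_ROLE = re.compile(r"^level-(\d+)$")
ALLOWED_ATTR = re.compile(r'^allowed-roles="([^"]+)"$')

def can_obtain(account, target_role):
    """Apply the HWTACACS guideline rules to one server-side account."""
    level = account.get("privilege_level")  # hypothetical field; None = not set
    if level is None:
        return False  # both rule branches require a user privilege level
    m = LEVEL_ROLE.match(target_role)
    if m:
        # level-n target: the account level must be n or higher
        return level >= int(m.group(1))
    # non-level-n target: needs a matching allowed-roles="role" attribute
    for attr in account.get("custom_attributes", []):  # hypothetical field
        a = ALLOWED_ATTR.match(attr.strip())
        if a and a.group(1) == target_role:
            return True
    return False

def audit(accounts, sensitive_roles):
    """Map each account name to the sensitive roles it can obtain."""
    findings = {}
    for name, account in accounts.items():
        hits = [r for r in sensitive_roles if can_obtain(account, r)]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample data, not taken from any real server.
ACCOUNTS = {
    "alice": {"privilege_level": 15,
              "custom_attributes": ['allowed-roles="network-admin"']},
    "bob": {"privilege_level": 3, "custom_attributes": []},
    "carol": {"privilege_level": None,
              "custom_attributes": ['allowed-roles="network-admin"']},
    "dave": {"privilege_level": 1,
             "custom_attributes": ['allowed-roles="security-audit"']},
}
SENSITIVE = ["network-admin", "security-audit", "level-9"]

if __name__ == "__main__":
    for user, roles in audit(ACCOUNTS, SENSITIVE).items():
        print(f"{user}: can obtain {', '.join(roles)}")
```

The carol account shows the case that is easy to miss in review: an allowed-roles attribute alone is not enough when the account has no user privilege level.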
