Rbac Configuration Examples; Rbac Configuration Example For Local Aaa Authentication Users - HP FlexFabric 7900 Series Configuration Manual

RBAC configuration examples

RBAC configuration example for local AAA authentication users
Network requirements
The switch in Figure 18 performs local AAA authentication for the Telnet user at 192.168.1.58. This Telnet user has the username user1@bbb and is assigned the user role role1.
Configure role1 to have the following permissions:
Executes the read commands of any feature.
Configures no VLANs except VLANs 10 to 20.
Figure 18 Network diagram
Configuration procedure
# Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Enable Telnet server.
[Switch] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Enable local authentication and authorization for the ISP domain bbb.
[Switch] domain bbb
[Switch-isp-bbb] authentication login local
[Switch-isp-bbb] authorization login local
[Switch-isp-bbb] quit
# Create the user role role1.
[Switch] role name role1
# Configure rule 1 to permit the user role to access read commands of all features.
[Switch-role-role1] rule 1 permit read feature
# Configure rule 2 to permit the user role to create VLANs and access commands in VLAN view.
[Switch-role-role1] rule 2 permit command system-view ; vlan *
# Change the VLAN policy to permit the user role to configure only VLANs 10 to 20.
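A simplified model of how the two layers of role1 interact, added here as an illustration (it is not HP code and not the switch's actual evaluation logic): the command rules decide whether a command may run, and the VLAN policy then decides which VLANs it may touch. Assumptions: display commands stand in for the read type, a rule pattern also covers commands entered inside the view it opens, and a VLAN range is refused unless every ID in it is permitted.

```python
import re
from fnmatch import fnmatchcase

# role1 as described on the page. The VLAN policy is held as data because
# the page text ends before the policy commands are shown.
READ_ALL_FEATURES = True                       # rule 1 permit read feature
COMMAND_RULES = {2: "system-view ; vlan *"}    # rule 2 permit command ...
PERMITTED_VLANS = set(range(10, 21))           # only VLANs 10 to 20


def is_read_command(cmd):
    """Assumption: display commands represent the 'read' command type."""
    return cmd.split()[0] == "display"


def vlans_named(cmd):
    """VLAN IDs targeted by 'vlan 12' or 'vlan 10 to 20'; empty otherwise."""
    m = re.fullmatch(r"vlan (\d+)(?: to (\d+))?", cmd.strip())
    if not m:
        return set()
    low = int(m.group(1))
    high = int(m.group(2) or low)
    return set(range(low, high + 1))


def rule_matches(pattern, path):
    """Match 'view ; command' segments against the start of the typed path.

    Assumption: commands entered below the matched view are covered too.
    """
    segments = [s.strip() for s in pattern.split(";")]
    return len(path) >= len(segments) and all(
        fnmatchcase(cmd, seg) for seg, cmd in zip(segments, path))


def authorize(path):
    """path: commands typed from user view, e.g. ['system-view', 'vlan 12']."""
    by_read = READ_ALL_FEATURES and is_read_command(path[-1])
    by_rule = any(rule_matches(p, path) for p in COMMAND_RULES.values())
    if not (by_read or by_rule):
        return "deny: no rule permits the command"
    # Second layer: every VLAN named anywhere in the path must be permitted.
    targets = set().union(*(vlans_named(c) for c in path))
    if not targets <= PERMITTED_VLANS:
        return "deny: VLAN policy"
    return "permit"
```

The case worth noting is `vlan 30`: rule 2 matches it, so only the VLAN policy stands between user1@bbb and VLANs outside 10 to 20.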