RBAC Configuration Example for HWTACACS Authentication Users - HP FlexFabric 7900 Series Configuration Manual

Verifying the configuration
# Telnet to the switch, and enter the username and password to access the switch. (Details not shown.)
# Verify that you can use all commands available in ISP view.
<Switch> system-view
[Switch] domain abc
[Switch-isp-abc] authentication login radius-scheme abc
[Switch-isp-abc] quit
# Verify that you can use all read and write commands of the features radius and arp. Take radius as an example.
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 2.2.2.2
[Switch-radius-rad] display radius scheme rad
...
Output of the RADIUS scheme is omitted.
# Verify that you cannot configure any VLAN except VLANs 1 to 20. Take VLAN 10 and VLAN 30 as examples.
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] vlan 30
Permission denied.
# Verify that you cannot configure any interface except FortyGigE 1/0/1 to FortyGigE 1/0/24. Take FortyGigE 1/0/2 and FortyGigE 1/0/25 as examples.
[Switch] vlan 10
[Switch-vlan10] port fortygige 1/0/2
[Switch-vlan10] port fortygige 1/0/25
Permission denied.
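
An added example, not part of the HP manual: a Python check that replays the spot checks above over a captured CLI session and flags any command whose result contradicts the stated limits (VLANs 1 to 20, FortyGigE 1/0/1 to 1/0/24). The function names and both sample transcripts are constructed for illustration.

```python
import re

# Resource limits stated in the verification steps above.
ALLOWED_VLANS = range(1, 21)   # VLANs 1 to 20
ALLOWED_PORTS = range(1, 25)   # FortyGigE 1/0/1 to 1/0/24
PROMPT = re.compile(r"^(?:<[^>]+>|\[[^\]]+\])\s*(.+)$")  # <Switch> or [Switch-...]
VLAN_CMD = re.compile(r"^vlan (\d+)$", re.I)
PORT_CMD = re.compile(r"^port fortygige 1/0/(\d+)$", re.I)

def parse_session(text):
    """Return [(command, denied)] from a captured CLI session."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        m = PROMPT.match(line)
        if m:
            results.append([m.group(1).strip(), False])
        elif line == "Permission denied." and results:
            results[-1][1] = True   # the denial belongs to the previous command
    return [tuple(r) for r in results]

def expected_denied(command):
    """True/False if the limits decide the command, None if they do not cover it."""
    m = VLAN_CMD.match(command)
    if m:
        return int(m.group(1)) not in ALLOWED_VLANS
    m = PORT_CMD.match(command)
    if m:
        return int(m.group(1)) not in ALLOWED_PORTS
    return None

def audit(text):
    """List (command, observed result) pairs that contradict the limits."""
    findings = []
    for command, denied in parse_session(text):
        want = expected_denied(command)
        if want is not None and want != denied:
            findings.append((command, "denied" if denied else "permitted"))
    return findings

# Constructed transcripts: GOOD mirrors the session above; BAD accepts VLAN 30.
GOOD = ("[Switch] vlan 10\n[Switch-vlan10] quit\n[Switch] vlan 30\nPermission denied.\n"
        "[Switch] vlan 10\n[Switch-vlan10] port fortygige 1/0/2\n"
        "[Switch-vlan10] port fortygige 1/0/25\nPermission denied.\n")
BAD = GOOD.replace("vlan 30\nPermission denied.", "vlan 30\n[Switch-vlan30] quit")

if __name__ == "__main__":
    print("good:", audit(GOOD), "bad:", audit(BAD))
```

A non-empty result means the role is either broader than intended (an out-of-range resource was accepted) or narrower (an in-range resource was denied).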
RBAC configuration example for HWTACACS authentication users
Network requirements
The switch in Figure 20 uses local authentication for login users, including the Telnet user at 192.168.1.58. This Telnet user uses the username test@bbb and is assigned the user role level-0.
Configure the remote-then-local authentication mode for temporary user role authorization. The switch uses the HWTACACS server to provide authentication for obtaining the level-3 user role. If the AAA configuration is invalid or the HWTACACS server does not respond, the switch performs local authentication.