HP 10500 Series Configuration Manual page 4

Controlling user access ·············································································································································· 43
FIPS compliance ····························································································································································· 43
Controlling Telnet/SSH logins ······································································································································ 43
Configuration procedures ····································································································································· 43
Configuration example ········································································································································· 44
Controlling SNMP access·············································································································································· 44
Configuration procedure ······································································································································ 44
Configuration example ········································································································································· 45
Configuring command authorization ··························································································································· 46
Configuration procedure ······································································································································ 46
Configuration example ········································································································································· 47
Configuring command accounting ······························································································································· 48
Configuration procedure ······································································································································ 49
Configuration example ········································································································································· 50
Configuring RBAC ······················································································································································ 52
Overview ········································································································································································· 52
Permission assignment ·········································································································································· 52
Assigning user roles ·············································································································································· 55
FIPS compliance ····························································································································································· 55
Configuration task list ···················································································································································· 55
Creating user roles ························································································································································· 56
Configuring user role rules ············································································································································ 56
Configuring feature groups ··········································································································································· 57
Changing resource access policies ······························································································································ 57
Changing the interface policy of a user role ······································································································ 58
Changing the VLAN policy of a user role ·········································································································· 58
Changing the VPN instance policy of a user role ····························································································· 58
Assigning user roles ······················································································································································· 59
Enabling the default user role function ················································································································ 59
Assigning user roles to remote AAA authentication users ················································································ 59
Assigning user roles to local AAA authentication users ···················································································· 60
Assigning user roles to non-AAA authentication users on user lines ······························································· 60
Configuring temporary user role authorization ·········································································································· 61
Configuration guidelines ······································································································································ 61
Configuring user role authentication ··················································································································· 62
Obtaining temporary user role authorization ···································································································· 63
Displaying RBAC settings ·············································································································································· 63
RBAC configuration examples ······································································································································ 64
RBAC configuration example for local AAA authentication users ··································································· 64
RBAC configuration example for RADIUS authentication users ······································································· 65
RBAC configuration example for HWTACACS authentication users ······························································ 68
Troubleshooting RBAC ··················································································································································· 72
Local users have more access permissions than intended ················································································ 72
Login attempts by RADIUS users always fail ······································································································ 73
Configuring FTP ·························································································································································· 74
FIPS compliance ····························································································································································· 74
Using the device as an FTP server ································································································································ 74
Configuring basic parameters ····························································································································· 74
Configuring authentication and authorization ··································································································· 75
Manually releasing FTP connections ··················································································································· 76
Displaying and maintaining the FTP server ········································································································ 76
FTP server configuration example in standalone mode ····················································································· 76
FTP server configuration example in IRF mode ·································································································· 78
ii