HPE FlexFabric 5940 Series Configuration Manual page 43

[Switch-isp-bbb] authorization login local
# Apply HWTACACS scheme hwtac to the ISP domain for user role authentication.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a device management user named test and enter local user view.
[Switch] local-user test class manage
# Set the user service type to Telnet.
[Switch-luser-manage-test] service-type telnet
# Set the user password to aabbcc.
[Switch-luser-manage-test] password simple aabbcc
# Assign level-0 to the user.
[Switch-luser-manage-test] authorization-attribute user-role level-0
# Remove the default user role (network-operator).
[Switch-luser-manage-test] undo authorization-attribute user-role network-operator
[Switch-luser-manage-test] quit
# Set the local authentication password to 654321 for user role level-3.
[Switch] super password role level-3 simple 654321
[Switch] quit
# Set the local authentication password to 654321 for user role network-admin.
[Switch] super password role network-admin simple 654321
[Switch] quit
Configure the HWTACACS server:
2.
This example uses ACSv4.0.
a. Access the User Setup page.
b. Add a user account named test. (Details not shown.)
c. In the Advanced TACACS+ Settings area, configure the following parameters:
− Select Level 3 for the Max Privilege for any AAA Client option.
If the target user role is only network-admin for temporary user role authorization, you
can select any level for the option.
− Select the Use separate password option, and specify enabpass as the password.
35