Configuring Command Authorization; Configuration Procedure - HPE FlexFabric 5940 Series Configuration Manual
Fundamentals configuration guide
Hide thumbs
Also See for FlexFabric 5940 Series:
- Security configuration manual (571 pages) ,
- Configuration manual (334 pages) ,
- Fundamentals command reference (289 pages)
Table of Contents
Advertisement
Figure 16 Network diagram
Configuration procedure
# Create an ACL to permit packets sourced from Host A and Host B.
<Sysname> system-view
[Sysname] acl basic 2000 match-order config
[Sysname-acl-ipv4-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-ipv4-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-ipv4-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Configuring command authorization
By default, commands available for a user depend only on the user's user roles. When the
authentication mode is scheme, you can configure the command authorization feature to further
control access to commands.
After you enable command authorization, a user can use only commands that are permitted by both
the AAA scheme and user roles.
The command authorization method can be different from the user login authorization method.
This section provides the procedure for configuring command authorization. To make the command
authorization feature take effect, you must configure a command authorization method in ISP
domain view. For more information, see Security Configuration Guide.
Configuration procedure
To configure command authorization:
Step
Enter system view.
1.
Command
system-view
71
Remarks
N/A
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
