HP ProCurve 9304M Security Manual page 47


In a configuration that has both an "hp-privlvl" A-V pair and a non-"hp-privlvl" A-V pair for the Exec service, the
non-"hp-privlvl" A-V pair is ignored. For example:
user=bob {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        hp-privlvl = 4
        privlvl = 15
    }
}
In this example, the user would be granted a privilege level of 4 (port-config level). The privlvl = 15 A-V pair
is ignored by the HP device.
If the TACACS+ server has no A-V pair configured for the Exec service, the default privilege level of 5 (read-only)
is used.
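Added example (not from the HP manual): a Python audit helper that reads a tac_plus-style user file and reports, per user, the privilege level an HP device would grant under the rule above and which Exec A-V pairs it would ignore. The names resolve, decide and SAMPLE and the users alice and carol are assumptions for illustration; a user with only a non-"hp-privlvl" pair is flagged with level None, because this section does not state how that value is mapped.

```python
import re

DEFAULT_LEVEL = 5  # Read Only: used when the Exec service has no A-V pair
USER_RE = re.compile(r"user\s*=\s*(\S+)\s*\{$")
EXEC_RE = re.compile(r"service\s*=\s*exec\s*\{$")
AV_RE = re.compile(r"([\w-]+)\s*=\s*(\d+)$")
# Constructed sample: bob mirrors the manual's example; alice, carol are hypothetical.
SAMPLE = """
user=bob {
    service = exec {
        hp-privlvl = 4
        privlvl = 15
    }
}
user=alice {
    service = exec {
    }
}
user=carol {
    service = exec {
        privlvl = 15
    }
}
"""

def decide(pairs):  # precedence rule; level None = mapping not given in this section
    hp = [v for k, v in pairs if k == "hp-privlvl"]
    other = [(k, v) for k, v in pairs if k != "hp-privlvl"]
    if hp:  # hp-privlvl wins; the device ignores every other Exec pair
        return {"level": hp[0], "source": "hp-privlvl", "ignored": other}
    if not other:
        return {"level": DEFAULT_LEVEL, "source": "default", "ignored": []}
    return {"level": None, "source": other[0][0], "ignored": []}

def resolve(config):  # {user: decision} for each user stanza in the file
    result, user, depth, exec_depth, pairs = {}, None, 0, None, []
    for line in map(str.strip, config.splitlines()):
        if m := USER_RE.match(line):
            user, depth, exec_depth, pairs = m.group(1), 1, None, []
        elif user and line.endswith("{"):
            depth += 1
            exec_depth = depth if EXEC_RE.match(line) else exec_depth
        elif user and line == "}":
            depth, exec_depth = depth - 1, None if depth == exec_depth else exec_depth
            if depth == 0:
                result[user], user = decide(pairs), None
        elif exec_depth is not None and (m := AV_RE.match(line)):
            pairs.append((m.group(1), int(m.group(2))))
    return result
```

Any user whose "ignored" list is non-empty has a second privilege value on the server that HP devices never apply, which is worth confirming as intentional.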
Configuring Command Authorization
When TACACS+ command authorization is enabled, the HP device consults a TACACS+ server to get
authorization for commands entered by the user.
You enable TACACS+ command authorization by specifying a privilege level whose commands require
authorization. For example, to configure the HP device to perform authorization for the commands available at the
Super User privilege level (that is, all commands on the device), enter the following command:
ProCurveRS(config)# aaa authorization commands 0 default tacacs+
Syntax: aaa authorization commands <privilege-level> default tacacs+ | radius | none
The <privilege-level> parameter can be one of the following:
0 – Authorization is performed for commands available at the Super User level (all commands)
4 – Authorization is performed for commands available at the Port Configuration level (port-config and read-only commands)
5 – Authorization is performed for commands available at the Read Only level (read-only commands)
NOTE: TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console. No authorization is performed for commands entered at the Web management
interface or SNMP management applications.
TACACS+ command authorization is not performed for the following commands:
At all levels: exit, logout, end, and quit.
At the Privileged EXEC level: enable or enable <text>, where <text> is the password configured for the Super
User privilege level.
If configured, command accounting is performed for these commands.
AAA Support for Console Commands
To enable AAA support for commands entered at the console, enter the following command:
ProCurveRS(config)# enable aaa console
Syntax: [no] enable aaa console
June 2005
Securing Access to Management Functions
2 - 31
