Displaying Authorization Information; Configuring Commands Authorization On A Radius Server; Using Vendor Specific Attributes (Vsas) - HP 3500yl Series Access Security Manual

RADIUS Authentication, Authorization, and Accounting
Commands Authorization
6-40

Displaying Authorization Information

You can show the authorization information by entering this command:
Syntax: show authorization
Configures authorization for controlling access to CLI
commands. When enabled, the switch checks the list of commands
supplied by the RADIUS server during user authentication to
determine if a command entered by the user can be executed.
An example of the output is shown.
HP Switch
(config)# show authorization
Status and Counters - Authorization Information
Type | Method
-------- + ------
Commands | RADIUS
Figure 6-15. Example of Show Authorization Command
Configuring Commands Authorization on a RADIUS
Server

Using Vendor Specific Attributes (VSAs)

Some RADIUS-based features implemented on HP switches use HP VSAs for
information exchange with the RADIUS server. RADIUS Access-Accept pack-
ets sent to the switch may contain the vendor-specific information.
The list of commands that are permitted (or denied) execution by the user are
called regular expressions. The system compares those regular expressions
against the full command name to determine whether the user is allowed to
execute the command. For example, assume a RADIUS user is defined as
follows:
User1 User-Password = "hpswitch"
Service-Type = Administrative-User,
HP-Command-Exception = 1, # Deny_list
HP-Command-String = "config"