HP 6125XLG Configuration Manual page 63

Blade switch fundamentals configuration guide

Hide thumbs Also See for 6125XLG:

Layer 3 - ip routing configuration manual (492 pages)

Command reference manual (466 pages)

Configuration manual (414 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

Table of Contents

# Specify the primary server address 10.1.1.1 and the service port 1812 in the scheme.

[Switch-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key to expert in the scheme for the switch to authenticate to the server.

[Switch-radius-rad] key authentication simple expert

[Switch-radius-rad] quit

# Specify the scheme rad as the authentication and authorization schemes for the ISP domain bbb.

IMPORTANT:

Because RADIUS user authorization information is piggybacked in authentication responses, the

authentication and authorization methods must use the same RADIUS scheme.

[Switch] domain bbb

[Switch-isp-bbb] authentication login radius-scheme rad

[Switch-isp-bbb] authorization login radius-scheme rad

[Switch-isp-bbb] quit

# Create the feature group fgroup1.

[Switch] role feature-group name fgroup1

# Add the features arp and radius to the feature group.

[Switch-featuregrp-fgroup1] feature arp

[Switch-featuregrp-fgroup1] feature radius

[Switch-featuregrp-fgroup1] quit

# Create the user role role2.

[Switch] role name role2

# Configure rule 1 to permit the user role to use all commands available in ISP view.

[Switch-role-role2] rule 1 permit command system-view ; domain *

# Configure rule 2 to permit the user role to use read and write commands of all features in

fgroup1.

[Switch-role-role2] rule 2 permit read write feature-group fgroup1

# Configure rule 3 to disable access to the read commands of the acl feature.

[Switch-role-role2] rule 3 deny read feature acl

# Configure rule 4 to permit the user role to create VLANs and use all commands available in

VLAN view.

[Switch-role-role2] rule 4 permit command system-view ; vlan *

# Configure rule 5 to permit the user role to enter interface view and use all commands available

in interface view.

[Switch-role-role2] rule 5 permit command system-view ; interface *

# Configure the user role VLAN policy to disable configuration of any VLAN except VLANs 1 to

20.

[Switch-role-role2] vlan policy deny

[Switch-role-role2-vlanpolicy] permit vlan 1 to 20

[Switch-role-role2-vlanpolicy] quit

# Configure the user role interface policy to disable configuration of any interface except

Ten-GigabitEthernet 1/1/5 to Ten-GigabitEthernet 1/1/10.

[Switch-role-role2] interface policy deny

[Switch-role-role2-ifpolicy] permit interface ten-gigabitethernet 1/1/5 to

ten-gigabitethernet 1/1/10

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

HP 6125XLG Configuration Manual page 63

Hide quick links:

Troubleshooting

Related Products for HP 6125XLG

HP 6125XLG Configuration Manual page 63

Hide quick links:

Troubleshooting

Related Manuals for HP 6125XLG

Related Products for HP 6125XLG

Table of Contents