RBAC Configuration Example for HWTACACS Authentication Users - HP 6125XLG Configuration Manual

Blade switch fundamentals configuration guide

[Switch-role-role2-ifpolicy] quit
[Switch-role-role2] quit
2. Configure the RADIUS server:
# Add either of the user role attributes to the dictionary file of the FreeRADIUS server.
Cisco-AVPair = "shell:roles=\"role2\""
Cisco-AVPair = "shell:roles*\"role2\""
# Configure the settings required for the FreeRADIUS server to communicate with the switch.
(Details not shown.)
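The role attribute above decides what an authenticated user may do on the switch, so it is worth checking which roles the server actually hands out. The following is an added example, not part of the HP manual: it parses both attribute forms and reports users granted roles beyond an allow-list. The users-file layout, the user names, the allow-list, and the function names are assumptions made for illustration.

```python
import re

# Role attribute in either form from the page: shell:roles="role2" (mandatory in
# Cisco AV-pair syntax) or shell:roles*"role2" (optional). The backslashes are
# the escaping needed inside a quoted FreeRADIUS string.
ROLES_RE = re.compile(r'shell:roles([=*])\\?"([^"\\]+)\\?"')

def parse_shell_roles(value):
    """Return (mandatory, roles) for one Cisco-AVPair value, or None if no roles."""
    m = ROLES_RE.search(value)
    if m is None:
        return None
    # Assumption: several roles in one value are separated by spaces.
    return m.group(1) == "=", m.group(2).split()

def granted_roles(users_text):
    """Map each user in a FreeRADIUS-style users file to the roles it is sent."""
    grants, user = {}, None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # unindented line starts a user entry
            user = line.split()[0]
            grants.setdefault(user, set())
        elif user and "Cisco-AVPair" in line:
            parsed = parse_shell_roles(line)
            if parsed:
                grants[user].update(parsed[1])
    return grants

def excess_roles(users_text, allowed):
    """Return {user: roles granted beyond the allow-list}; empty dict means clean."""
    out = {}
    for user, roles in granted_roles(users_text).items():
        extra = roles - allowed.get(user, set())
        if extra:
            out[user] = sorted(extra)
    return out

# Constructed sample input: user names and passwords are placeholders.
SAMPLE = r'''
user1  Cleartext-Password := "placeholder"
       Cisco-AVPair = "shell:roles=\"role2\""
user2  Cleartext-Password := "placeholder"
       Cisco-AVPair = "shell:roles*\"role2\""
'''
ALLOWED = {"user1": {"role2"}, "user2": {"level-0"}}
if __name__ == "__main__":
    print(excess_roles(SAMPLE, ALLOWED))
```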
Verifying the configuration
# Telnet to the switch, and enter the username and password to access the user interface. (Details not shown.)
# Verify that you can use all commands available in ISP view.
<Switch> system-view
[Switch] domain abc
[Switch-isp-abc] authentication login radius-scheme abc
[Switch-isp-abc] quit
# Verify that you can use all read and write commands of the features radius and arp. Take radius as an example.
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 2.2.2.2
[Switch-radius-rad] display radius scheme rad
...
Output of the RADIUS scheme is omitted.
# Verify that you cannot configure any VLAN except VLANs 1 to 20. Take VLAN 10 and VLAN 30 as examples.
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] vlan 30
Permission denied.
# Verify that you cannot configure any interface except Ten-GigabitEthernet 1/1/5 to Ten-GigabitEthernet 1/1/10. Take Ten-GigabitEthernet 1/1/6 and Ten-GigabitEthernet 1/1/12 as examples.
[Switch] vlan 10
[Switch-vlan10] port ten-gigabitethernet 1/1/6
[Switch-vlan10] port ten-gigabitethernet 1/1/12
Permission denied.
RBAC configuration example for HWTACACS authentication users
Unless otherwise noted, devices in the configuration example are operating in non-FIPS mode.
Network requirements
The switch in Figure 18 uses local authentication for login users, including the Telnet user at 192.168.1.58. This Telnet user uses the username test@bbb and is assigned the user role level-0.