Create A Named List That Allows Authorized Users To Immediately Enter Into The Enable Mode Context - HP ProCurve 7000dl Series Basic Management And Configuration Manual
Procurve 7000dl series secure router
Hide thumbs
Also See for ProCurve 7000dl Series:
- Quickspecs (18 pages) ,
- Basic management and configuration manual (817 pages)
Table of Contents
Advertisement
Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
Specify default to create the default authorization list, or replace <named
list> to create a named list with the name you specify.
Use the group tacacs+ option to specify the default group of TACACS+
servers. Use the group <groupname> if you have created a group of
TACACS+ servers.
Include the if-authenticated option to authorize authenticated users. Use
the none option to grant access immediately. You may want to enter none as
a second option. That way, if the ProCurve Secure Router cannot contact the
TACACS+ server, you will still be able to configure the router.
For example, to create a named list that allows authorized users to configure
the router from the enable mode context, enter:
ProCurve (config)# aaa authorization commands 15 default group tacacs+
if-authenticated
After you create a named list for authorization, you must assign it to an access
method, such as a Telnet or SSH line.
Create a Named List That Allows Authorized Users to
Immediately Enter into the Enable Mode Context
You can create authorization lists for an exec shell, which allows an authorized
user to enter directly into the enable mode context when that user starts a
new CLI session. You use the aaa authorization command to both create this
named list and specify its contents.
From the global configuration mode context, enter:
Syntax: aaa authorization exec [default | <named list>] [none | if-authenticated]
[group {tacacs+ | <group name>}]
Include default to create the default authorization list, or replace <named
list> with the name of the list you want to create.
Include the if-authenticated option for authorization to succeed if the user
authenticates. Include the none option to grant access automatically.
Include the group tacacs+ option if you want the ProCurve Secure Router to
use the TACACS+ server for authorization. Use group <groupname> to
specify a group of remote servers that will verify if a user is authorized to enter
the enable mode context. You can specify more than one group of TACACS+
servers. If the servers in one group are unavailable, the ProCurve Secure
Router will contact another group. However, if the ProCurve Secure Router
2-25
- Quick Links:
- Procurve Secure Router
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
