Enabling Authorization - HP Q.11.XX Manual

Procurve 2510 series switches
Table of Contents

Advertisement

RADIUS Authentication, Authorization and Accounting
Commands Authorization
Note
5-18
The commands authorization will only be executed for commands entered
from Telnet, SSH, or console sessions. The Web management interface is not
supported.
By default, all users may execute a minimal set of commands regardless of
their authorization status, for example, "exit" and "logout". This minimal set
of commands can prevent deadlock on the switch due to an error in the user's
authorization profile on the RADIUS server.

Enabling Authorization

To configure authorization for controlling access to the CLI commands, enter
this command at the CLI.
Syntax: [no] aaa authorization <commands> <radius | none>
Configures authorization for controlling access to CLI
commands. When enabled, the switch checks the list of commands
supplied by the RADIUS server during user authentication to
determine if a command entered by the user can be executed.
radius: The NAS requests authorization information from the
RADIUS server. Authorization rights are assigned by user or
group.
none
:
The NAS does not request authorization information.
For example, to enable the RADIUS protocol as the authorization method:
ProCurve(config)# aaa authorization commands radius
When the NAS sends the RADIUS server a valid username and password, the
RADIUS server sends an Access-Accept packet that contains two attributes
—the command list and the command exception flag. When an authenticated
user enters a command on the switch, the switch examines the list of com-
mands delivered in the RADIUS Access-Accept packet as well as the command
exception flag, which indicates whether the user has permission to execute
the commands in the list. See Configuring the RADIUS Server on page 5-19.
After the Access-Accept packet is deliver, the command list resides on the
switch. Any changes to the user's command list on the RADIUS server are not
seen until the user is authenticated again.

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

U.11.xxProcurve 2510-24Procurve 2510-48

Table of Contents