R21xx-HP FlexFabric 11900 Fundamentals Configuration Guide
Permission denied.
# Verify that you can use all read commands of any feature. This example uses display clock.
[Switch] display clock
09:31:56 UTC Sat 01/01/2011
[Switch] quit
# Verify that you cannot use the write or execute commands of any feature.
<Switch> debugging role all
Permission denied.
<Switch> ping 192.168.1.58
Permission denied.
RBAC configuration example for RADIUS authentication users
Unless otherwise noted, devices in the configuration example are operating in non-FIPS mode.
Network requirements
The switch in Figure 24 uses the FreeRADIUS server at 10.1.1.1/24 to provide AAA service for login users,
including the Telnet user at 192.168.1.58. This Telnet user uses the username hello@bbb and is assigned
the user role role2.
This user role grants the following permissions:
• Can execute all commands in ISP view.
• Can execute the read and write commands of the features arp and radius.
• Cannot access the read commands of the feature acl.
• Can configure VLANs 1 to 20 and interfaces Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet 1/0/24.
The switch and the FreeRADIUS server use the shared key expert and authentication port 1812. The
switch delivers usernames with their domain names to the server.
Figure 24 Network diagram
Configuration procedure
Make sure that the settings on the switch and the RADIUS server match.
1. Configure the switch:
# Assign VLAN interface 2 an IP address from the same subnet as the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 2










