HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 196
RADIUS Authentication, Authorization, and Accounting, HP-Command-String, HP-Command-Exception
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 196 highlights
RADIUS Authentication, Authorization, and Accounting Commands Authorization The results of using the HP-Command-String and HP-Command-Exception attributes in various combinations are shown below. HP-Command-String HP-Command-Exception Not present Not present Not present DenyList-PermitOthers(1) Not present PermitList-DenyOthers(0) Commands List DenyList-PermitOthers(1) Commands List PermitList-DenyOthers(0) Commands List Not present Empty Commands List Not present Empty Commands List DenyList-PermitOthers(1) Empty Commands List PermitList-DenyOthers(0) Description If command authorization is enabled and the RADIUS server does not provide any authorization attributes in an Access-Accept packet, the user is denied access to the server. This message appears: "Access denied: no user's authorization info supplied by the RADIUS server." Authenticated user is allowed to execute all commands available on the switch. Authenticated user can only execute a minimal set of commands (those that are available by default to any user). Authenticated user may execute all commands except those in the Commands list. Authenticated user can execute only those commands provided in the Commands List, plus the default commands. Authenticated user can only execute commands from the Commands List, plus the default commands. Authenticate user can only execute a minimal set of commands (those that are available by default to any user). Authenticated user is allowed to execute all commands available on the switch. Authenticate user can only execute a minimal set of commands (those that are available by default to any user). You must configure the RADIUS server to provide support for the HP VSAs. There are multiple RADIUS server applications; the two examples below show how a dictionary file can be created to define the VSAs for that RADIUS server application. 5-29