HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 193
Commands Authorization
RADIUS Authentication, Authorization, and Accounting

The RADIUS protocol combines user authentication and authorization steps into one phase. The user must be successfully authenticated before the RADIUS server will send authorization information (from the user's profile) to the Network Access Server (NAS). After user authentication has occurred, the authorization information provided by the RADIUS server is stored on the NAS for the duration of the user's session. Changes in the user's authorization profile during this time will not be effective until after the next authentication occurs.

You can limit the services for a user by enabling AAA RADIUS authorization. The NAS uses the information set up on the RADIUS server to control the user's access to CLI commands.

The authorization type implemented on the switches covered in this guide is the "commands" method. This method explicitly specifies on the RADIUS server which commands are allowed on the client device for authenticated users. This is done on a per-user or per-group basis.

Note: The commands authorization will only be executed for commands entered from Telnet, SSH, or console sessions. The Web management interface is not supported.

By default, all users may execute a minimal set of commands regardless of their authorization status, for example, "exit" and "logout". This minimal set of commands can prevent deadlock on the switch due to an error in the user's authorization profile on the RADIUS server.
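The session-scoped behaviour described above, as an added Python model (not HP's code and not switch configuration). The class names, the sample user and the exact-match command lookup are assumptions made for illustration.

```python
import hmac

ALWAYS_ALLOWED = frozenset({"exit", "logout"})  # the page's examples of the minimal set


class RadiusServer:
    """Stand-in for the RADIUS server: password plus permitted commands per user."""

    def __init__(self):
        self.users = {}

    def set_user(self, name, password, commands):
        self.users[name] = (password, frozenset(commands))

    def access_request(self, name, password):
        # Single phase: the profile is only sent along with a successful authentication.
        entry = self.users.get(name)
        if entry is None or not hmac.compare_digest(entry[0], password):
            return None
        return entry[1]


class NasSession:
    """CLI session on the switch (NAS) holding the profile received at login."""

    def __init__(self, server, name, password):
        profile = server.access_request(name, password)
        if profile is None:
            raise PermissionError("authentication failed")
        self.permitted = profile  # kept unchanged until the session ends

    def authorize(self, command):
        # Exact-match lookup is a simplification made for this model.
        return command in ALWAYS_ALLOWED or command in self.permitted


if __name__ == "__main__":
    # Constructed sample data: one user whose profile is narrowed mid-session.
    server = RadiusServer()
    server.set_user("operator", "constructed-password", {"show running-config", "configure"})
    live = NasSession(server, "operator", "constructed-password")
    server.set_user("operator", "constructed-password", {"show running-config"})
    fresh = NasSession(server, "operator", "constructed-password")
    print("live session may configure:", live.authorize("configure"))   # cached profile
    print("new session may configure:", fresh.authorize("configure"))  # updated profile
```

The first result is the case to check when narrowing a user's profile: a command removed on the RADIUS server remains authorized in sessions that were opened before the change.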