HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 195
Displaying Authorization Information, Configuring Commands Authorization on a RADIUS Server
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 195 highlights
RADIUS Authentication, Authorization, and Accounting Commands Authorization Displaying Authorization Information You can show the authorization information by entering this command: Syntax: show authorization Configures authorization for controlling access to CLI commands. When enabled, the switch checks the list of commands supplied by the RADIUS server during user authentication to determine if a command entered by the user can be executed. An example of the output is shown. ProCurve(config)# show authorization Status and Counters - Authorization Information Type | Method Commands | RADIUS Figure 5-10. Example of Show Authorization Command Configuring Commands Authorization on a RADIUS Server Using Vendor Specific Attributes (VSAs) Some RADIUS-based features implemented on ProCurve switches use HP VSAs for information exchange with the RADIUS server. RADIUS AccessAccept packets sent to the switch may contain the vendor-specific information. The attributes supported with commands authorization are: ■ HP-Command-String: List of commands (regular expressions) that are permitted (or denied) execution by the user. The commands are delimited by semi-colons and must be between 1 and 249 characters in length. Multiple instances of this attribute may be present in Access-Accept packets. (A single instance may be present in Accounting-Request packets.) ■ HP-Command-Exception: A flag that specifies whether the commands indicated by the HP-Command-String attribute are permitted or denied to the user. A zero (0) means permit all listed commands and deny all others; a one (1) means deny all listed commands and permit all others. 5-28