HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 46
Configuring command authorization, Configuration procedure
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 46 highlights
[Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group. [Sysname] snmp-agent community read aaa acl 2000 [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 Configuring command authorization By default, commands are available for a user depending only on that user's user roles. When the authentication mode is scheme, you can configure the command authorization function to further control access to commands. After you enable command authorization, a command is available for a user only if the user has the commensurate user role and is authorized to use the command by the AAA scheme. This section provides the procedure for configuring command authorization. To make the command authorization function take effect, you must configure a command authorization method in ISP domain view. For more information, see Security Configuration Guide. Configuration procedure To configure command authorization: Step 1. Enter system view. 2. Enter user interface view. 3. Enable scheme authentication. Command Remarks system-view N/A user-interface { first-number1 [ last-number1 ] | { aux | console | vty } first-number2 [ last-number2 ] } N/A authentication-mode scheme The defaults are as follows: • Console user interface-Authentication is disabled. • AUX user interface-Authentication is disabled if the device started up with the default configuration file, and password authentication is enabled if the device started up with empty configuration. • VTY user interface-Password authentication is enabled. For more information about empty configuration and the default configuration file, see "Managing configuration files." 39