HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 63
Page 63 highlights
# Specify the primary server address 10.1.1.1 and the service port 1812 in the scheme.
[Switch-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key to expert in the scheme for the switch to authenticate to the server.
[Switch-radius-rad] key authentication simple expert
[Switch-radius-rad] quit
# Specify the scheme rad as the authentication and authorization schemes for the ISP domain bbb.
IMPORTANT: Because RADIUS user authorization information is piggybacked in authentication responses, the authentication and authorization methods must use the same RADIUS scheme.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] quit
# Create the feature group fgroup1.
[Switch] role feature-group name fgroup1
# Add the features arp and radius to the feature group.
[Switch-featuregrp-fgroup1] feature arp
[Switch-featuregrp-fgroup1] feature radius
[Switch-featuregrp-fgroup1] quit
# Create the user role role2.
[Switch] role name role2
# Configure rule 1 to permit the user role to use all commands available in ISP view.
[Switch-role-role2] rule 1 permit command system-view ; domain *
# Configure rule 2 to permit the user role to use read and write commands of all features in fgroup1.
[Switch-role-role2] rule 2 permit read write feature-group fgroup1
# Configure rule 3 to disable access to the read commands of the acl feature.
[Switch-role-role2] rule 3 deny read feature acl
# Configure rule 4 to permit the user role to create VLANs and use all commands available in VLAN view.
[Switch-role-role2] rule 4 permit command system-view ; vlan *
# Configure rule 5 to permit the user role to enter interface view and use all commands available in interface view.
[Switch-role-role2] rule 5 permit command system-view ; interface *
# Configure the user role VLAN policy to disable configuration of any VLAN except VLANs 1 to 20.
[Switch-role-role2] vlan policy deny
[Switch-role-role2-vlanpolicy] permit vlan 1 to 20
[Switch-role-role2-vlanpolicy] quit
# Configure the user role interface policy to disable configuration of any interface except Ten-GigabitEthernet 1/1/5 to Ten-GigabitEthernet 1/1/10.
[Switch-role-role2] interface policy deny
[Switch-role-role2-ifpolicy] permit interface ten-gigabitethernet 1/1/5 to ten-gigabitethernet 1/1/10
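A way to check offline that the role2 resource policies confine the role as the comments above state, as an added example that is not part of the HP guide. The function names are hypothetical, and the sketch assumes that an interface range is compared by its slot/port numbers and that a role without a "policy deny" command is unrestricted.

```python
import re

# Constructed input: the role2 resource-policy commands from the session above.
SESSION = """\
[Switch-role-role2] vlan policy deny
[Switch-role-role2-vlanpolicy] permit vlan 1 to 20
[Switch-role-role2-vlanpolicy] quit
[Switch-role-role2] interface policy deny
[Switch-role-role2-ifpolicy] permit interface ten-gigabitethernet 1/1/5 to ten-gigabitethernet 1/1/10
"""

PROMPT = re.compile(r"^\[[^\]]+\]\s*(.*)$")  # strips the "[Switch-...]" prompt
VLAN = re.compile(r"permit vlan (\d+)(?: to (\d+))?")
IFACE = re.compile(r"permit interface (\S+) ([\d/]+)(?: to (\S+) ([\d/]+))?")


def if_key(kind, number):
    """('Ten-GigabitEthernet', '1/1/5') -> ('ten-gigabitethernet', (1, 1, 5))."""
    return kind.lower(), tuple(int(n) for n in number.split("/"))


def parse_policies(session):
    """Collect the deny flag and permitted ranges of each resource policy."""
    pol = {"vlan": {"deny": False, "permit": []},
           "interface": {"deny": False, "permit": []}}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        cmd = m.group(1).lower() if m else ""
        if cmd in ("vlan policy deny", "interface policy deny"):
            pol[cmd.split()[0]]["deny"] = True
        elif v := VLAN.fullmatch(cmd):
            lo = int(v.group(1))
            pol["vlan"]["permit"].append((lo, int(v.group(2) or lo)))
        elif i := IFACE.fullmatch(cmd):
            lo = if_key(i.group(1), i.group(2))
            hi = if_key(i.group(3), i.group(4)) if i.group(3) else lo
            pol["interface"]["permit"].append((lo, hi))
    return pol


def may_configure(pol, kind, resource):
    """True if the role may configure the VLAN ID or (type, number) interface."""
    p = pol[kind]
    if not p["deny"]:  # assumption: no "policy deny" means no restriction
        return True
    key = resource if kind == "vlan" else if_key(*resource)
    return any(lo <= key <= hi for lo, hi in p["permit"])
```

Feeding it a saved role configuration and probing the boundary values (VLAN 21, port 1/1/11) catches an off-by-one or a missing "policy deny" line before the role is assigned to users.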