HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 66

Con ISP domain, Delete the default user role

Page 66 highlights

[Switch] domain bbb # Configure ISP domain bbb to use local authentication for login users. [Switch-isp-bbb] authentication login local # Configure ISP domain bbb to use local authorization for login users. [Switch-isp-bbb] authorization login local # Apply the HWTACACS scheme hwtac to the ISP domain. [Switch-isp-bbb] authentication super hwtacacs-scheme hwtac [Switch-isp-bbb] quit # Create a device management user named test and enter its view. Set the service type to Telnet, and set the password to aabbcc. [Switch] local-user test class manage [Switch-luser-manage-test] service-type telnet [Switch-luser-manage-test] password simple aabbcc # Assign level-0 to the user. [Switch-luser-manage-test] authorization-attribute user-role level-0 # Delete the default user role network admin. [Switch-luser-manage-test] undo authorization-attribute user-role network-operator [Switch-luser-manage-test] quit # Set the password to 654321 for the user role level-3. [Switch] super password role level-3 simple 654321 [Switch] quit 2. Configure the HWTACACS server: This example uses ACSv4.0. a. Add a user account test. b. Access the Advanced TACACS+ Settings page. c. Select Level 3 for the Max Privilege for any AAA Client option. d. Select the Use separate password option, and specify enabpass as the password. 59

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155

59
[Switch] domain bbb
# Configure ISP domain
bbb
to use local authentication for login users.
[Switch-isp-bbb] authentication login local
# Configure ISP domain
bbb
to use local authorization for login users.
[Switch-isp-bbb] authorization login local
# Apply the HWTACACS scheme
hwtac
to the ISP domain.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a device management user named
test
and enter its view. Set the service type to Telnet,
and set the password to
aabbcc
.
[Switch] local-user test class manage
[Switch-luser-manage-test] service-type telnet
[Switch-luser-manage-test] password simple aabbcc
# Assign
level-0
to the user.
[Switch-luser-manage-test] authorization-attribute user-role level-0
# Delete the default user role
network admin
.
[Switch-luser-manage-test] undo authorization-attribute user-role network-operator
[Switch-luser-manage-test] quit
# Set the password to
654321
for the user role
level-3
.
[Switch] super password role level-3 simple 654321
[Switch] quit
2.
Configure the HWTACACS server:
This example uses ACSv4.0.
a.
Add a user account
test
.
b.
Access the
Advanced TACACS+ Settings
page.
c.
Select
Level 3
for the
Max Privilege for any AAA Client
option.
d.
Select the
Use separate password
option, and specify
enabpass
as the password.