6-36
RADIUS Authentication, Authorization, and Accounting
Commands Authorization
Commands Authorization
The RADIUS protocol combines user authentication and authorization steps
into one phase. The user must be successfully authenticated before the
RADIUS server will send authorization information (from the user’s profile)
to the Network Access Server (NAS). After user authentication has occurred,
the authorization information provided by the RADIUS server is stored on the
NAS for the duration of the user’s session. Changes in the user’s authorization
profile during this time will not be effective until after the next authentication
occurs.
You can limit the services for a user by enabling AAA RADIUS authorization.
The NAS uses the information set up on the RADIUS server to control the
user’s access to CLI commands.
The authorization type implemented on the switches covered in this guide is
the “commands” method. This method explicitly specifies on the RADIUS
server which commands are allowed on the client device for authenticated
users. This is done on a per-user or per-group basis.
N o t e
The commands authorization will only be executed for commands entered
from Telnet, SSH, or console sessions. The Web management interface is not
supported.
By default, all users may execute a minimal set of commands regardless of
their authorization status, for example, “exit” and “logout”. This minimal set
of commands can prevent deadlock on the switch due to an error in the user’s
authorization profile on the RADIUS server.
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......