RADIUS Authentication and Accounting
Commands Authorization
Enabling Authorization
To configure authorization for controlling access to the CLI commands, enter
this command at the CLI.
Syntax:
[no] aaa authorization <commands> <radius | none>
Configures authorization for controlling access to CLI
commands. When enabled, the switch checks the list of commands
supplied by the RADIUS server during user authentication to
determine if a command entered by the user can be executed.
radius:
The NAS requests authorization information from the
RADIUS server. Authorization rights are assigned by user or
group.
none
:
The NAS does not request authorization information.
For example, to enable the RADIUS protocol as the authorization method:
ProCurve(config)# aaa authorization commands radius
When the NAS sends the RADIUS server a valid username and password, the
RADIUS server sends an Access-Accept packet that contains two attributes
—the command list and the command exception flag. When an authenticated
user enters a command on the switch, the switch examines the list of com
mands delivered in the RADIUS Access-Accept packet as well as the command
exception flag, which indicates whether the user has permission to execute
the commands in the list. See
Configuring the RADIUS Server
After the Access-Accept packet is deliver, the command list resides on the
switch. Any changes to the user’s command list on the RADIUS server are not
seen until the user is authenticated again.
5-27
Summary of Contents for PROCURVE 2910AL
Page 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Page 2: ......
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Page 156: ...TACACS Authentication Operating Notes 4 30 ...
Page 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Page 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Page 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Page 592: ...12 Index ...
Page 593: ......