Rbac Configuration Example For Radius Authentication Users - HP 10500 Series Configuration Manual

# Remove the default user role network-operator from the user. This operation ensures that the user has only the permissions of role1.
[Switch-luser-manage-user1] undo authorization-attribute user-role network-operator
[Switch-luser-manage-user1] quit
Verifying the configuration
# Telnet to the switch, and enter the username and password to access the switch. (Details not shown.)
# Verify that you can create VLANs 10 to 20. This example uses VLAN 10.
<Switch> system-view
[Switch] vlan 10
[Switch-vlan10] quit
# Verify that you cannot create any VLANs other than VLANs 10 to 20. This example uses VLAN 30.
[Switch] vlan 30
Permission denied.
# Verify that you can use all read commands of any feature. This example uses display clock.
[Switch] display clock
09:31:56 UTC Wed 01/01/2014
[Switch] quit
# Verify that you cannot use the write or execute commands of any feature.
<Switch> debugging role all
Permission denied.
<Switch> ping 192.168.1.58
Permission denied.

RBAC configuration example for RADIUS authentication users

Network requirements
As shown in Figure 4, the switch uses the FreeRADIUS server to provide AAA service for login users, including the Telnet user. The Telnet user uses the username hello@bbb and is assigned the user role role2.
The user role role2 has the following permissions:
• Can use all commands in ISP view.
• Can use the read and write commands of the arp and radius features.
• Cannot access the read commands of the acl feature.
• Can configure only VLANs 1 to 20 and interfaces GigabitEthernet 1/0/1 to GigabitEthernet 1/0/24.
The switch and the FreeRADIUS server use the shared key expert and authentication port 1812. The switch delivers usernames with their domain names to the server.
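The switch-side configuration that implements these requirements, shown here as an added example rather than as the configuration procedure of this manual page. Everything the requirements do not state is an assumption: the RADIUS server address 10.1.1.1, the scheme name rad, and the VTY line range.

```text
# Define role2 with exactly the permissions listed in the network requirements.
[Switch] role name role2
# Permit entering system view and every command in ISP (domain) view.
[Switch-role-role2] rule 1 permit command system-view ; domain *
# Read and write access to the arp and radius features.
[Switch-role-role2] rule 2 permit read write feature arp
[Switch-role-role2] rule 3 permit read write feature radius
# Deny read access to the acl feature.
[Switch-role-role2] rule 4 deny read feature acl
# VLAN and interface policies: deny everything, then permit only the listed ranges.
[Switch-role-role2] vlan policy deny
[Switch-role-role2-vlanpolicy] permit vlan 1 to 20
[Switch-role-role2-vlanpolicy] quit
[Switch-role-role2] interface policy deny
[Switch-role-role2-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet 1/0/24
[Switch-role-role2-ifpolicy] quit
[Switch-role-role2] quit

# RADIUS scheme: shared key expert, authentication port 1812, usernames sent with their domain.
# The server address 10.1.1.1 and the scheme name rad are assumptions (Figure 4 is not on this page).
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 10.1.1.1 1812
[Switch-radius-rad] key authentication simple expert
[Switch-radius-rad] user-name-format with-domain
[Switch-radius-rad] quit

# Domain bbb, selected by the @bbb suffix of hello@bbb: authenticate and authorize logins through RADIUS.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login none
[Switch-isp-bbb] quit

# Telnet access with scheme (AAA) authentication on the VTY lines (line range is an assumption).
[Switch] telnet server enable
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
```

Two points worth checking before relying on this. First, role2 is only applied if the RADIUS server returns it in the authorization response; if the server authenticates hello@bbb but assigns no user role, the login is rejected unless the default user role feature is enabled, in which case the user silently receives the default role (network-operator) instead of role2. Second, the deny rule for the acl feature only has the intended effect because no other rule grants acl access; a later rule that permitted read access to all features would override it, so review the full rule list, not just the deny, when auditing a role.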
