ii
Accessing the device thro
ugh SNMP ······················································································································· 37
Controlling user access ·············································································································································· 38
FIPS compliance ····························································································································································· 38
Controlling Telnet/SSH logins ······································································································································ 38
Configuration procedures ····································································································································· 38
Configuration example ········································································································································· 39
Controlling SNMP access·············································································································································· 39
Configuration procedure ······································································································································ 39
Configuration example ········································································································································· 40
Configuring command authorization ··························································································································· 41
Configuration procedure ······································································································································ 41
Configuration example ········································································································································· 42
Configuring command accounting ······························································································································· 44
Configuration procedure ······································································································································ 44
Configuration example ········································································································································· 45
Configuring RBAC ······················································································································································ 47
Overview ········································································································································································· 47
Permission assignment ·········································································································································· 47
Assigning user roles ·············································································································································· 49
FIPS compliance ····························································································································································· 50
Configuration task list ···················································································································································· 50
Creating user roles ························································································································································· 50
Configuring user role rules ············································································································································ 51
Configuration restrictions and guidelines ··········································································································· 51
Configuration procedure ······································································································································ 52
Configuring feature groups ··········································································································································· 52
Changing resource access policies ······························································································································ 53
Changing the interface policy of a user role ······································································································ 53
Changing the VLAN policy of a user role ·········································································································· 53
Assigning user roles ······················································································································································· 54
Enabling the default user role feature ················································································································· 54
Assigning user roles to remote AAA authentication users ················································································ 54
Assigning user roles to local AAA authentication users ···················································································· 55
Assigning user roles to non-AAA authentication users on user lines ······························································· 55
Configuring temporary user role authorization ·········································································································· 56
Configuration guidelines ······································································································································ 56
Configuring user role authentication ··················································································································· 58
Obtaining temporary user role authorization ···································································································· 58
Displaying RBAC settings ·············································································································································· 59
RBAC configuration examples ······································································································································ 59
RBAC configuration example for local AAA authentication users ··································································· 59
RBAC configuration example for RADIUS authentication users ······································································· 61
RBAC temporary user role authorization configuration example (HWTACACS authentication) ················· 64
RBAC temporary user role authorization configuration example (RADIUS authentication) ·························· 68
Troubleshooting RBAC ··················································································································································· 71
Local users have more access permissions than intended ················································································ 71
Login attempts by RADIUS users always fail ······································································································ 71
Configuring FTP ·························································································································································· 73
FIPS compliance ····························································································································································· 73
Using the device as an FTP server ································································································································ 73
Configuring basic parameters ····························································································································· 74
Configuring authentication and authorization ··································································································· 74
Manually releasing FTP connections ··················································································································· 75
To Next Page
Loading...
