HP 5130 EI series

166 pages
# Specify the primary authentication server address 10.1.1.1 and the service port 49 in the scheme.
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
# Set the shared key to expert in the scheme for the switch to authenticate to the server.
[Switch-hwtacacs-hwtac] key authentication simple expert
# Exclude the ISP domain name from the username sent to the HWTACACS server.
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Create ISP domain bbb and enter ISP domain view.
[Switch] domain bbb
# Configure ISP domain bbb to use local authentication for login users.
[Switch-isp-bbb] authentication login local
# Configure ISP domain bbb to use local authorization for login users.
[Switch-isp-bbb] authorization login local
# Apply the HWTACACS scheme hwtac to the ISP domain for user role authentication.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a device management user named test and enter local user view. Set the service type to Telnet, and set the password to aabbcc.
[Switch] local-user test class manage
[Switch-luser-manage-test] service-type telnet
[Switch-luser-manage-test] password simple aabbcc
# Assign level-0 to the user.
[Switch-luser-manage-test] authorization-attribute user-role level-0
# Delete the default user role network-operator.
[Switch-luser-manage-test] undo authorization-attribute user-role network-operator
[Switch-luser-manage-test] quit
# Set the local authentication password to 654321 for the user role level-3.
[Switch] super password role level-3 simple 654321
# Set the local authentication password to 654321 for the user role network-admin.
[Switch] super password role network-admin simple 654321
[Switch] quit
2. Configure the HWTACACS server:
This example uses ACSv4.0.
a. Access the User Setup page.
b. Add a user account test. (Details not shown.)
c. In the Advanced TACACS+ Settings area, configure the following parameters:
Select Level 3 for the Max Privilege for any AAA Client option.
If the target user role is only network-admin for temporary user role authorization, you can select any level from the Max Privilege for any AAA Client option.
Select the Use separate password option, and specify enabpass as the password.
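The switch commands in this example enter every secret with the simple keyword, use Telnet as the service type, and set the same super password for two user roles. The following Python script is an added example, not part of the original manual; it audits a command script of this kind for those three conditions. The function name audit, the finding texts, and the sample input (built from command lines shown above) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: command lines copied from the switch configuration above.
SAMPLE = """\
[Switch-hwtacacs-hwtac] key authentication simple expert
[Switch-luser-manage-test] service-type telnet
[Switch-luser-manage-test] password simple aabbcc
[Switch] super password role level-3 simple 654321
[Switch] super password role network-admin simple 654321
"""

# "[view] command" as printed in the manual; comment lines (#) do not match.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
# Commands on this page that take a secret after the "simple" keyword.
SECRET = re.compile(
    r"^(?P<what>key \S+|password|super password role \S+) simple (?P<value>\S+)$")

def audit(script):
    """Return (line_no, view, issue) findings; secret values are never echoed."""
    findings = []
    roles_by_secret = defaultdict(list)  # super password value -> roles using it
    for no, line in enumerate(script.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, cmd = m["view"], m["cmd"].strip()
        s = SECRET.match(cmd)
        if s:
            findings.append((no, view, f"secret typed in plaintext form: {s['what']}"))
            if s["what"].startswith("super password role "):
                roles_by_secret[s["value"]].append(s["what"].split()[-1])
        elif cmd.startswith("service-type ") and "telnet" in cmd.split()[1:]:
            findings.append((no, view, "Telnet service type (cleartext login)"))
    # Line number 0 marks a finding that spans several lines.
    for roles in roles_by_secret.values():
        if len(roles) > 1:
            findings.append((0, "Switch", "super password shared by roles: " + ", ".join(roles)))
    return findings

if __name__ == "__main__":
    for no, view, issue in audit(SAMPLE):
        print(f"line {no:>2} [{view}] {issue}")
```
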
