Accessing the device through SNMP
Controlling user access
  FIPS compliance
  Controlling Telnet/SSH logins
    Configuration procedures
    Configuration example
  Controlling Web logins
    Configuring source IP-based Web login control
    Logging off online Web users
    Web login control configuration example
  Controlling SNMP access
    Configuration procedure
    Configuration example
  Configuring command authorization
    Configuration procedure
    Configuration example
  Configuring command accounting
    Configuration procedure
    Configuration example
Configuring RBAC
  Overview
    Permission assignment
    Assigning user roles
  FIPS compliance
  Configuration task list
  Creating user roles
  Configuring user role rules
    Configuration restrictions and guidelines
    Configuration procedure
  Configuring feature groups
  Configuring resource access policies
    Configuring the interface policy of a user role
    Configuring the VLAN policy of a user role
  Assigning user roles
    Enabling the default user role feature
    Assigning user roles to remote AAA authentication users
    Assigning user roles to local AAA authentication users
    Assigning user roles to non-AAA authentication users on user lines
  Configuring temporary user role authorization
    Configuration guidelines
    Configuring user role authentication
    Obtaining temporary user role authorization
  Displaying and maintaining RBAC settings
  RBAC configuration examples
    RBAC configuration example for local AAA authentication users
    RBAC configuration example for RADIUS authentication users
    RBAC temporary user role authorization configuration example (HWTACACS authentication)
    RBAC temporary user role authorization configuration example (RADIUS authentication)
  Troubleshooting RBAC
    Local users have more access permissions than intended
    Login attempts by RADIUS users always fail
Configuring FTP
  FIPS compliance
  Using the device as an FTP server
    Configuring basic parameters
    Configuring authentication and authorization
    Manually releasing FTP connections
    Displaying and maintaining the FTP server