2. Verify that you can obtain the level-3 user role:
# Use the super password to obtain the level-3 user role. When the system prompts for a
username and password, enter the username test@bbb and password enabpass.
<Switch> super level-3
Username: test@bbb
Password:
The following output shows that you have obtained the level-3 user role.
User privilege role is level-3, and only those commands that authorized to the role
can be used.
# If the ACS server does not respond, enter the local authentication password 654321 at the
prompt.
Invalid configuration or no response from the authentication server.
Change authentication mode to local.
Password:
User privilege role is level-3, and only those commands that authorized to the role
can be used.
The output shows that you have obtained the level-3 user role.
3. Use the method in step 2 to verify that you can obtain the user roles level 0, level 1, level 2, and
network-admin. (Details not shown.)
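The fallback in step 2 grants the role on the local password instead of the server's decision, so it is worth listing when reviewing session captures. The following Python audit is an added example, not part of the original guide: it reads a CLI transcript in the format shown above and reports which `super` elevations succeeded only after the switch changed to local authentication. The sample transcript is constructed from the output on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: two `super` attempts in the format shown on this page.
SAMPLE = """\
<Switch> super level-3
Username: test@bbb
Password:
User privilege role is level-3, and only those commands that authorized to the role
can be used.
<Switch> super level-3
Username: test@bbb
Password:
Invalid configuration or no response from the authentication server.
Change authentication mode to local.
Password:
User privilege role is level-3, and only those commands that authorized to the role
can be used.
"""

SUPER_CMD = re.compile(r"^<[^>]+>\s*super(?:\s+(\S+))?\s*$")
FALLBACK = "Change authentication mode to local."
GRANTED = re.compile(r"^User privilege role is ([\w-]+),")


def audit_super_attempts(transcript):
    """Return one record per `super` command: requested role, whether the
    device fell back to local authentication, and the role granted (or None)."""
    attempts, current = [], None
    for line in transcript.splitlines():
        line = line.strip()
        m = SUPER_CMD.match(line)
        if m:
            current = {"requested": m.group(1), "fallback": False, "granted": None}
            attempts.append(current)
        elif current is None:
            continue  # output that does not belong to a pending attempt
        elif line == FALLBACK:
            current["fallback"] = True
        elif (g := GRANTED.match(line)):
            current["granted"] = g.group(1)
            current = None  # attempt finished
    return attempts


def local_fallback_grants(transcript):
    """Elevations that succeeded only after falling back to the local password."""
    return [a for a in audit_super_attempts(transcript) if a["fallback"] and a["granted"]]
```

An attempt with no "User privilege role is" line keeps `granted` as `None`, so failed elevations show up in `audit_super_attempts` but not in `local_fallback_grants`.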
RBAC temporary user role authorization configuration example (RADIUS authentication)
Network requirements
As shown in Figure 24, the switch uses local authentication for login users, including the Telnet user
at 192.168.1.58. The user account for the Telnet user is test@bbb and is assigned the user role
level-0.
Configure the remote-then-local authentication mode for temporary user role authorization. The
switch uses the RADIUS server to provide authentication for the network-admin user role. If the AAA
configuration is invalid or the RADIUS server does not respond, the switch performs local
authentication.
Figure 24 Network diagram
(Diagram labels: Telnet user 192.168.1.58/24; Vlan-int2 192.168.1.70/24; Vlan-int3 10.1.1.2/24; RADIUS server 10.1.1.1/24; Internet)
Configuration procedure
1. Configure the switch:
# Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user.
<Switch> system-view