RADIUS Authentication and Accounting
Configuring RADIUS Authorization
■ HP-Command-Exception: A flag that specifies whether the
commands indicated by the HP-Command-String attribute are
permitted or denied to the user. A zero (0) means permit all listed
commands and deny all others; a one (1) means deny all listed
commands and permit all others.
The results of using the HP-Command-String and HP-Command-Exception
attributes in various combinations are shown below.
HP-Command-String HP-Command-Exception Description
Not present Not present If command authorization is enabled
and the RADIUS server does not
provide any authorization attributes in
an Access-Accept packet, the user is
denied access to the server. This
message appears: “Access denied: no
user’s authorization info supplied by
the RADIUS server.”
Not present DenyList-PermitOthers(1) Authenticated user is allowed to
execute all commands available on
the switch.
Not present PermitList-DenyOthers(0) Authenticated user can only execute
a minimal set of commands (those that
are available by default to any user).
Commands List DenyList-PermitOthers(1) Authenticated user may execute all
commands except those in the
Commands list.
Commands List PermitList-DenyOthers(0) Authenticated user can execute only
those commands provided in the
Commands List, plus the default
commands.
Commands List Not present Authenticated user can only execute
commands from the Commands List,
plus the default commands.
Empty Commands Not present Authenticate user can only execute a
List minimal set of commands (those that
are available by default to any user).
Empty Commands DenyList-PermitOthers(1) Authenticated user is allowed to
List execute all commands available on
the switch.
Empty Commands PermitList-DenyOthers(0) Authenticate user can only execute a
List minimal set of commands (those that
are available by default to any user).
5-22
To Next Page
