HP FlexFabric 11000 Switch Products : R21xx-HP FlexFabric 11900 Fundamentals Configuration Guide : Page 4

ii

Accessing the device thro

ugh SNMP ······················································································································· 35

Configuring SNMPv3 access ········································································································································ 35

Configuring SNMPv1 or SNMPv2c access ················································································································· 36

Controlling user access ·············································································································································· 37

FIPS compliance ····························································································································································· 37

Controlling Telnet/SSH logins ······································································································································ 37

Configuration procedures ····································································································································· 37

Configuration example ········································································································································· 38

Controlling SNMP access·············································································································································· 38

Configuration procedure ······································································································································ 38

Configuration example ········································································································································· 39

Configuring command authorization ··························································································································· 40

Configuration procedure ······································································································································ 40

Configuring command accounting ······························································································································· 40

Configuration procedure ······································································································································ 41

Configuring RBAC ······················································································································································ 42

Overview ········································································································································································· 42

Permission assignment ·········································································································································· 42

Assigning user roles ·············································································································································· 44

FIPS compliance ····························································································································································· 44

Configuration task list ···················································································································································· 44

Creating user roles ························································································································································· 44

Configuring user role rules ············································································································································ 45

Configuring feature groups ··········································································································································· 46

Changing resource access policies ······························································································································ 46

Changing the interface policy of a user role ······································································································ 46

Changing the VLAN policy of a user role ·········································································································· 47

Changing the VPN instance policy of a user role ····························································································· 47

Assigning user roles ······················································································································································· 47

Enabling the default user role function ················································································································ 48

Assigning user roles to remote AAA authentication users ················································································ 48

Assigning user roles to local AAA authentication users ···················································································· 48

Assigning user roles to non-AAA authentication users on user interfaces ······················································· 49

Configuring user role switching ···································································································································· 49

Configuration guidelines ······································································································································ 49

Configuring user role switching authentication ·································································································· 50

Switching the user role ·········································································································································· 50

Displaying RBAC settings ·············································································································································· 51

RBAC configuration examples ······································································································································ 51

RBAC configuration example for local AAA authentication users ··································································· 51

RBAC configuration example for RADIUS authentication users ······································································· 53

RBAC configuration example for HWTACACS authentication users ······························································ 56

Troubleshooting RBAC ··················································································································································· 59

Local users have more access permissions than intended ················································································ 59

Login attempts by RADIUS users always fail ······································································································ 59

Configuring FTP ·························································································································································· 61

FIPS compliance ····························································································································································· 61

Using the device as an FTP server ································································································································ 61

Configuring basic parameters ····························································································································· 61

Configuring authentication and authorization ··································································································· 62

Manually releasing FTP connections ··················································································································· 62

Displaying and maintaining the FTP server ········································································································ 62

FTP server configuration example (in standalone mode) ·················································································· 63