4000 Router Series Fundamentals Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

Ste

Command

Remarks

3. Set a local

authentication

password for a user

role.

• In non-FIPS mode:

super password [ role rolename ]

[ { hash | simple } password ]

• In FIPS mode:

super password [ role rolename ]

Use this step for local password

authentication.

By default, no password is

configured.

If you do not specify the role

rolename option, the command sets

the password for network-admin.

Obtaining temporary user role authorization

AUX, VTY, or TTY users must pass authentication before they can use a user role that is not included in

their user accounts they are logged in with.

Perform the following task in user view:

Task Command

Remarks

Obtain the temporary

authorization to use a

user role.

super [ rolename ]

The operation fails after three consecutive unsuccessful

password attempts.

Displaying RBAC settings

Execute display commands in any view.

Task Command

Display user role information. display role [ name role-name ]

Display user role feature

information.

display role feature [ name feature-name | verbose ]

Display user role feature group

information.

display role feature-group [ name feature-group-name ] [ verbose ]

RBAC configuration examples

RBAC configuration example for local AAA authentication

users

Network requirements

The router in Figure 3 performs local AAA authentication for the Telnet user at 192.168.1.58. This Telnet

user uses the username user1@bbb and is assigned the user role role1.

Configure role1 to have the following permissions:

• Executes the read commands of any feature.