HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide
ii
RBAC configuration example for RADIUS authentication users ······································································· 28
RBAC configuration example for HWTACACS authentication users ······························································ 31
Troubleshooting RBAC ··················································································································································· 34
Local users have more access permissions than intended ················································································ 35
Login attempts by RADIUS users always fail ······································································································ 35
Login overview ··························································································································································· 36
Logging in through the console port for the first device access ·············································································· 38
Logging in to the CLI ·················································································································································· 41
CLI overview ··································································································································································· 41
User lines ································································································································································ 41
Login authentication modes ·································································································································· 42
User roles ······························································································································································· 42
FIPS compliance ····························································································································································· 43
Logging in through the console/AUX port locally ······································································································ 43
Disabling authentication for console/AUX login ······························································································· 44
Configuring password authentication for console/AUX login ········································································· 45
Configuring scheme authentication for console/AUX login ············································································· 46
Configuring common console/AUX line settings ······························································································· 48
Logging in through Telnet ·············································································································································· 50
Configuring Telnet login on the device ··············································································································· 50
Using the device to log in to a Telnet server ······································································································ 56
Logging in through SSH ················································································································································ 57
Configuring SSH login on the device ·················································································································· 57
Using the device to log in to an SSH server ······································································································· 59
Logging in through a pair of modems ························································································································· 59
Displaying and maintaining CLI login ························································································································· 62
Accessing the device through SNMP ······················································································································· 63
Configuring SNMPv3 access ········································································································································ 63
Configuring SNMPv1 or SNMPv2c access ················································································································· 64
Controlling user access ·············································································································································· 65
Controlling Telnet/SSH logins ······································································································································ 65
Configuration procedures ····································································································································· 65
Configuration example ········································································································································· 65
Controlling SNMP access·············································································································································· 66
Configuration procedure ······································································································································ 66
Configuration example ········································································································································· 67
Configuring command authorization ··························································································································· 68
Configuration procedure ······································································································································ 68
Configuration example ········································································································································· 69
Configuring command accounting ······························································································································· 70
Configuration procedure ······································································································································ 70
Configuration example ········································································································································· 71
Configuring FTP ·························································································································································· 74
FIPS compliance ····························································································································································· 74
Using the device as an FTP server ································································································································ 74
Configuring basic parameters ····························································································································· 74
Configuring authentication and authorization ··································································································· 75
Manually releasing FTP connections ··················································································································· 76
Displaying and maintaining the FTP server ········································································································ 76
FTP server configuration example for MSR2000/MSR3000 ··········································································· 76
FTP server configuration example for MSR4000 ······························································································· 77