HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide

[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Configuring command authorization
By default, commands are available for a user depending only on that user's user roles. When the
authentication mode is scheme, you can configure the command authorization function to further control
access to commands.
After you enable command authorization, a command is available for a user only if the user has the
commensurate user role and is authorized to use the command by the AAA scheme.
This section provides the procedure for configuring command authorization. To make the command
authorization function take effect, you must configure a command authorization method in ISP domain
view. For more information, see Security Configuration Guide.
Configuration procedure
To configure command authorization:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter user line view or user line class view.
    Command:
        To enter user line view:
        line { first-number1 [ last-number1 ] | { aux | console | tty | vty } first-number2 [ last-number2 ] }
        To enter user line class view:
        line class { aux | console | tty | vty }
    Remarks:
        Use either command.
        Settings configured in a user line class view are applied as user-defined default settings to all user lines of the line class. Settings configured in a user line view are applied to only the user line and take precedence over the user-defined default settings. If a parameter is not configured in user line view or user line class view, the factory default setting is used.
        Settings in a user line view take effect immediately and affect the online user. Settings in the line class view do not affect online users and take effect only for users who log in after the configuration is completed.

Step 3. Enable scheme authentication.
    Command: authentication-mode scheme
    Remarks:
        On a device with both AUX and console lines, authentication is disabled for the console line and password authentication is enabled for the AUX line by default.
        On a device that has one AUX line and does not have a console line, authentication is disabled for the AUX line by default.
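The following audit sketch is an added example, not part of the HP guide. It resolves each user line's effective authentication mode using the precedence described in step 2 (user line view, then user line class view, then factory default) and lists the lines that are not in scheme mode, where command authorization cannot be configured. The sample configuration text, its layout (settings indented under each line command, sections separated by #), and the function names are assumptions made for illustration.

```python
import re

# Factory defaults the page states (device with both AUX and console lines); tty/vty are not given.
FACTORY_DEFAULT = {"console": "disabled", "aux": "password"}

# Constructed sample; the layout is an assumption, not text from the guide.
SAMPLE_CONFIG = """\
line class vty
 authentication-mode scheme
#
line aux 0
 authentication-mode scheme
#
line vty 0 4
#
line vty 5 6
 authentication-mode password
#
line console 0
"""

def effective_auth_modes(text):
    """Map each user line, e.g. 'vty 3', to (mode, view that supplied it)."""
    explicit, lines, current = {}, [], []
    for raw in text.splitlines():
        head = re.match(r"line (class )?(aux|console|tty|vty)(?: (\d+))?(?: (\d+))?\s*$", raw)
        if head:
            is_class, kind, first, last = head.groups()
            span = range(int(first or 0), int(last or first or 0) + 1)
            current = [(kind, "class")] if is_class else [(kind, n) for n in span]
            lines += [] if is_class else current
        elif not raw.startswith(" "):
            current = []  # '#' or another top-level section ends the view
        else:
            mode = re.match(r"\s+authentication-mode (\S+)", raw)
            for key in current if mode else []:
                explicit[key] = mode.group(1)
    result = {}
    for kind, n in lines:  # line view beats line class view beats factory default
        chain = [(explicit.get((kind, n)), "line view"),
                 (explicit.get((kind, "class")), "line class view"),
                 (FACTORY_DEFAULT.get(kind), "factory default")]
        result[f"{kind} {n}"] = next((c for c in chain if c[0]), chain[-1])
    return result

def lines_without_scheme(text):
    """User lines whose effective mode is not scheme (command authorization needs scheme)."""
    return sorted(n for n, (mode, _) in effective_auth_modes(text).items() if mode != "scheme")
```

A mode of None means the page states no factory default for that line type, so the line still needs a manual check.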