R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
26
Obtaining temporary user role authorization
AUX, VTY, or TTY users must pass authentication before they can use a user role that is not included in
the user account they are logged in with.
Perform the following task in user view:
Task Command
Remarks
Obtain the temporary
authorization to use a
user role.
super [ rolename ]
The operation fails after three consecutive unsuccessful
password attempts.
The user role must have the permission to execute the
super command to obtain temporary user role
authorization.
Displaying RBAC settings
Execute display commands in any view.
Task Command
Display user role information. display role [ name role-name ]
Display user role feature
information.
display role feature [ name feature-name | verbose ]
Display user role feature group
information.
display role feature-group [ name feature-group-name ] [ verbose ]
RBAC configuration examples
RBAC configuration example for local AAA authentication
users
Network requirements
As shown in Figure 3, the router performs local AAA authentication for the Telnet user at 192.168.1.58.
The Telnet user uses the username user1@bbb and is assigned the user role role1.
Configure role1 to have the following permissions:
• Executes the read commands of any feature.
• Accesses none of the interfaces except GigabitEthernet 2/1/2 to GigabitEthernet 2/1/4.
Figure 3 Network diagram