R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

Verifying the configuration
# Telnet to the router, and enter the username and password to access the router. (Details not shown.)
# Verify that you cannot enter any interface view except the views of GigabitEthernet 2/1/2 to GigabitEthernet 2/1/4. This example uses GigabitEthernet 2/1/1.
<Router> system-view
[Router] interface gigabitethernet 2/1/1
Permission denied.
# Verify that you can access GigabitEthernet 2/1/2 to GigabitEthernet 2/1/4 to configure them. This example uses GigabitEthernet 2/1/2.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] ip address 6.6.6.6 24
[Router-GigabitEthernet2/1/2] quit
# Verify that you can use all read commands of any feature. This example uses display clock.
[Router] display clock
09:31:56 UTC Sat 01/01/2011
[Router] quit
# Verify that you cannot use the write or execute commands of any feature.
<Router> debugging role all
Permission denied.
<Router> ping 192.168.1.58
Permission denied.

RBAC configuration example for RADIUS authentication users

Network requirements
As shown in Figure 4, the router uses the FreeRADIUS server at 10.1.1.1/24 to provide AAA service for
login users, including the Telnet user at 192.168.1.58. The Telnet user uses the username hello@bbb and
is assigned the user role role2.
The user role role2 has the following permissions:
• Uses all commands in ISP view.
• Uses the read and write commands of features arp and radius.
• Has no access to read commands of the feature route.
• Accesses VLANs 1 to 20 and interfaces GigabitEthernet 2/1/1 to GigabitEthernet 2/1/4.
The router and the FreeRADIUS server use the shared key expert and authentication port 1812. The router
delivers usernames with their domain names to the server.