R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

[Router] domain bbb
[Router-isp-bbb] authentication login radius-scheme rad
[Router-isp-bbb] authorization login radius-scheme rad
[Router-isp-bbb] quit
# Create the feature group fgroup1.
[Router] role feature-group name fgroup1
# Add the features arp and radius to the feature group.
[Router-featuregrp-fgroup1] feature arp
[Router-featuregrp-fgroup1] feature radius
[Router-featuregrp-fgroup1] quit
# Create the user role role2.
[Router] role name role2
# Configure rule 1 to allow the user role to use all commands available in ISP view.
[Router-role-role2] rule 1 permit command system-view ; domain *
# Configure rule 2 to permit the user role to use read and write commands of all features in fgroup1.
[Router-role-role2] rule 2 permit read write feature-group fgroup1
# Configure rule 3 to permit the user role to create VLANs and use all commands available in VLAN view.
[Router-role-role2] rule 3 permit command system-view ; vlan *
# Configure rule 4 to permit the user role to enter interface view and use all commands available in interface view.
[Router-role-role2] rule 4 permit command system-view ; interface *
# Configure the user role VLAN policy to disable configuration of any VLAN except VLANs 1 to 20.
[Router-role-role2] vlan policy deny
[Router-role-role2-vlanpolicy] permit vlan 1 to 20
[Router-role-role2-vlanpolicy] quit
# Configure the user role interface policy to disable access to any interface except GigabitEthernet 2/1/1 to GigabitEthernet 2/1/4.
[Router-role-role2] interface policy deny
[Router-role-role2-ifpolicy] permit interface gigabitethernet 2/1/1 to gigabitethernet 2/1/4
[Router-role-role2-ifpolicy] quit
[Router-role-role2] quit
2. Configure the RADIUS server:
# Add either of the user role attributes to the dictionary file of the FreeRADIUS server.
Cisco-AVPair = "shell:roles=\"role1 role2\""
Cisco-AVPair = "shell:roles*\"role1 role2\""
# Configure the settings required for the FreeRADIUS server to communicate with the router.
(Details not shown.)
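The resource scope granted to role2 can be checked offline against the intended least-privilege boundary. The following Python code is an added example, not part of the HP guide: it parses the VLAN and interface policy lines from step 1 and reports whether a given VLAN ID or port falls inside the permitted ranges. The function names are hypothetical, and the code assumes both policies are set to deny, as configured above, and that interface ranges compare numerically by slot/subslot/port.

```python
import re

# Constructed sample: role2 policy lines copied from the configuration above,
# with the wrapped interface range joined onto one line.
CONFIG = """\
[Router-role-role2] vlan policy deny
[Router-role-role2-vlanpolicy] permit vlan 1 to 20
[Router-role-role2-vlanpolicy] quit
[Router-role-role2] interface policy deny
[Router-role-role2-ifpolicy] permit interface gigabitethernet 2/1/1 to gigabitethernet 2/1/4
[Router-role-role2-ifpolicy] quit
"""

VLAN_RE = re.compile(r"permit vlan (\d+)(?: to (\d+))?$")
IF_RE = re.compile(r"permit interface (\S+) ([\d/]+)(?: to \S+ ([\d/]+))?$", re.I)

def port_key(text):
    """Turn '2/1/4' into (2, 1, 4) so ports compare numerically (assumption)."""
    return tuple(int(p) for p in text.split("/"))

def parse_policies(config):
    """Collect the permit ranges of the VLAN and interface policies."""
    policy = {"vlan": [], "interface": []}
    for line in config.splitlines():
        cmd = line.split("]", 1)[-1].strip()  # drop the "[view]" prompt
        if m := VLAN_RE.match(cmd):
            low = int(m.group(1))
            policy["vlan"].append((low, int(m.group(2) or low)))
        elif m := IF_RE.match(cmd):
            low = port_key(m.group(2))
            high = port_key(m.group(3)) if m.group(3) else low
            policy["interface"].append((m.group(1).lower(), low, high))
    return policy

def vlan_allowed(policy, vlan_id):
    """Policy is 'deny': allow only VLAN IDs inside a permit range."""
    return any(low <= vlan_id <= high for low, high in policy["vlan"])

def interface_allowed(policy, if_type, port):
    """Policy is 'deny': allow only ports of the same type inside a range."""
    return any(t == if_type.lower() and low <= port_key(port) <= high
               for t, low, high in policy["interface"])

if __name__ == "__main__":
    role2 = parse_policies(CONFIG)
    print([v for v in range(1, 30) if vlan_allowed(role2, v)])
```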
Verifying the configuration
# Telnet to the router, and enter the username and password to access the router. (Details not shown.)
# Verify that you can use all commands available in ISP view.
<Router> system-view