R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

[Router] domain abc
[Router-isp-abc] authentication login radius-scheme abc
[Router-isp-abc] quit
# Verify that you can use all read and write commands of the radius and arp features. This example uses radius.
[Router] radius scheme rad
[Router-radius-rad] primary authentication 2.2.2.2
[Router-radius-rad] display radius scheme rad
Output of the RADIUS scheme is omitted.
# Verify that you cannot configure any VLAN except VLANs 1 to 20. This example uses VLAN 10 and VLAN 30.
[Router] vlan 10
[Router-vlan10] quit
[Router] vlan 30
Permission denied.
# Verify that you cannot configure any interface except GigabitEthernet 2/1/1 to GigabitEthernet 2/1/4. This example uses GigabitEthernet 2/1/2 and GigabitEthernet 2/1/5.
[Router] vlan 10
[Router-vlan10] port gigabitethernet 2/1/2
[Router-vlan10] port gigabitethernet 2/1/5
Permission denied.
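The VLAN and interface checks above can be repeated mechanically against a saved session capture. The following Python script is an added example, not part of the HP guide: the transcript is constructed from the commands shown above, and the function names and the capture format (prompt lines followed by an optional "Permission denied." line) are assumptions.

```python
import re

# Constructed capture modelled on the verification steps above.
TRANSCRIPT = """\
[Router] vlan 10
[Router-vlan10] quit
[Router] vlan 30
Permission denied.
[Router] vlan 10
[Router-vlan10] port gigabitethernet 2/1/2
[Router-vlan10] port gigabitethernet 2/1/5
Permission denied.
"""

ALLOWED_VLANS = range(1, 21)   # VLANs 1 to 20
ALLOWED_PORTS = range(1, 5)    # GigabitEthernet 2/1/1 to 2/1/4
PROMPT = re.compile(r"^\[[^\]]+\]\s+(.*)$")

def parse(transcript):
    """Return (command, denied) pairs from a CLI session capture."""
    results = []
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            results.append([m.group(1).strip(), False])
        elif line.strip() == "Permission denied." and results:
            results[-1][1] = True   # denial applies to the preceding command
    return [tuple(r) for r in results]

def expected_denied(command):
    """True/False when the resource policy covers the command, else None."""
    m = re.fullmatch(r"vlan (\d+)", command)
    if m:
        return int(m.group(1)) not in ALLOWED_VLANS
    m = re.fullmatch(r"port gigabitethernet (\d+)/(\d+)/(\d+)", command, re.I)
    if m:
        slot, sub, port = map(int, m.groups())
        return not ((slot, sub) == (2, 1) and port in ALLOWED_PORTS)
    return None

def audit(transcript):
    """List commands whose outcome contradicts the expected policy."""
    findings = []
    for command, denied in parse(transcript):
        want = expected_denied(command)
        if want is not None and want != denied:
            findings.append((command, "denied" if denied else "permitted"))
    return findings

if __name__ == "__main__":
    print(audit(TRANSCRIPT) or "transcript matches the expected policy")
```

An empty result means every VLAN and port command in the capture was permitted or denied as the role's resource policy requires; a `permitted` finding for an out-of-range resource indicates the role is broader than intended.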
RBAC configuration example for HWTACACS authentication users
Network requirements
As shown in Figure 5, the router uses local authentication for login users, including the Telnet user at
192.168.1.58. The Telnet user uses the username test@bbb and is assigned the user role level-0.
Configure the remote-then-local authentication mode for temporary user role authorization. The router
uses the HWTACACS server to provide authentication for the level-0 to level-3 user roles. If the AAA
configuration is invalid or the HWTACACS server does not respond, the router performs local
authentication.
Figure 5 Network diagram (Telnet user 192.168.1.58/24; Router GE2/1/1 192.168.1.70/24 and GE2/1/2 10.1.1.2/24; HWTACACS server 10.1.1.1/24; Internet)