Wired Intelligent Edge

 View Only
last person joined: 22 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Commands authorization

This thread has been viewed 0 times

  • 1.  Commands authorization

    Posted Mar 22, 2018 04:32 PM

    Hi,

    I've successfully set up Commands Authorization using RADIUS, and I can permit or deny specific commands through the RADIUS server.

    But when I permit the "configure" command, every sub-command gets permitted automatically. So say I want a login to only be able to issue "AAA" commands, I can't do that, because the moment I allow the login to enter configure mode with the CONFIGURE command, they can do IP commands, INTERFACE commands, etc.

    Does anyone know if this is normal behaviour or possible a mistake at my end or a bug?

    Is a Procurve 5400zl with newest firmware and the RADIUS server is Microsoft NPS 2012.

    /Rasmus


    #command
    #authorization


  • 2.  RE: Commands authorization

    Posted Mar 23, 2018 06:30 AM

    Figured it out myself:

    The configure command had to be written like configure$ (regex) in order not to allow every subcommand for some reason.