Aruba & ProVision-based
Showing results for 
Search instead for 
Did you mean: 

Commands authorization

Go to solution
Occasional Advisor

Commands authorization


I've successfully set up Commands Authorization using RADIUS, and I can permit or deny specific commands through the RADIUS server.

But when I permit the "configure" command, every sub-command gets permitted automatically. So say I want a login to only be able to issue "AAA" commands, I can't do that, because the moment I allow the login to enter configure mode with the CONFIGURE command, they can do IP commands, INTERFACE commands, etc.

Does anyone know if this is normal behaviour or possible a mistake at my end or a bug?

Is a Procurve 5400zl with newest firmware and the RADIUS server is Microsoft NPS 2012.


Occasional Advisor

Re: Commands authorization

Figured it out myself:

The configure command had to be written like configure$ (regex) in order not to allow every subcommand for some reason.