Aruba & ProVision-based
1748235 Members
3301 Online
108759 Solutions
New Discussion

Commands authorization

 
SOLVED
Go to solution
rteglgaa
Occasional Advisor

Commands authorization

Hi,

I've successfully set up Commands Authorization using RADIUS, and I can permit or deny specific commands through the RADIUS server.

But when I permit the "configure" command, every sub-command gets permitted automatically. So say I want a login to only be able to issue "AAA" commands, I can't do that, because the moment I allow the login to enter configure mode with the CONFIGURE command, they can do IP commands, INTERFACE commands, etc.

Does anyone know if this is normal behaviour or possible a mistake at my end or a bug?

Is a Procurve 5400zl with newest firmware and the RADIUS server is Microsoft NPS 2012.

/Rasmus

1 REPLY 1
rteglgaa
Occasional Advisor
Solution

Re: Commands authorization

Figured it out myself:

The configure command had to be written like configure$ (regex) in order not to allow every subcommand for some reason.