ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Commands authorization

SOLVED
Go to solution
rteglgaa
Occasional Advisor

Commands authorization

Hi,

I've successfully set up Commands Authorization using RADIUS, and I can permit or deny specific commands through the RADIUS server.

But when I permit the "configure" command, every sub-command gets permitted automatically. So say I want a login to only be able to issue "AAA" commands, I can't do that, because the moment I allow the login to enter configure mode with the CONFIGURE command, they can do IP commands, INTERFACE commands, etc.

Does anyone know if this is normal behaviour or possible a mistake at my end or a bug?

Is a Procurve 5400zl with newest firmware and the RADIUS server is Microsoft NPS 2012.

/Rasmus

1 REPLY
rteglgaa
Occasional Advisor
Solution

Re: Commands authorization

Figured it out myself:

The configure command had to be written like configure$ (regex) in order not to allow every subcommand for some reason.