Filter
Top Products
RADIUS Authentication and Accounting
Commands Authorization
The results of using the HP-Command-String and HP-Command-Exception
attributes in various combinations are shown below.
HP-Command-String HP-Command-Exception Description
Not present Not present If command authorization is enabled
and the RADIUS server does not
provide any authorization attributes in
an Access-Accept packet, the user is
denied access to the server. This
message appears: “Access denied: no
user’s authorization info supplied by
the RADIUS server.”
Not present DenyList-PermitOthers(1) Authenticated user is allowed to
execute all commands available on
the switch.
Not present PermitList-DenyOthers(0) Authenticated user can only execute
a minimal set of commands (those that
are available by default to any user).
Commands List DenyList-PermitOthers(1) Authenticated user may execute all
commands except those in the
Commands list.
Commands List PermitList-DenyOthers(0) Authenticated user can execute only
those commands provided in the
Commands List, plus the default
commands.
Commands List Not present Authenticated user can only execute
commands from the Commands List,
plus the default commands.
Empty Commands Not present Authenticate user can only execute a
List minimal set of commands (those that
are available by default to any user).
Empty Commands DenyList-PermitOthers(1) Authenticated user is allowed to
List execute all commands available on
the switch.
Empty Commands PermitList-DenyOthers(0) Authenticate user can only execute a
List minimal set of commands (those that
are available by default to any user).
You must configure the RADIUS server to provide support for the HP VSAs.
There are multiple RADIUS server applications; the two examples below show
how a dictionary file can be created to define the VSAs for that RADIUS server
application.
5-29