Login
- Table of Contents
-
- 05-Web configuration examples (AC+fit AP)
- 01-Telnet Access Control Configuration Example
- 02-IPv6 Telnet Access Control Configuration Example
- 03-Web Access Control Configuration Example
- 04-User Role Assignment for Local Web Authentication Users Configuration Example
- 05-SSH Local Authentication Configuration Example
- 06-SSH User Remote Password Authentication Configuration Example
- 07-IPv6 SSH User Remote Password Authentication Configuration Example
- 08-Password Control Configuration Example
- 09-Licensing Configuration Example
- 10-Automatic License Installation Configuration Example
- 11-Layer 2 Static Link Aggregation Configuration Example
- 12-Layer 2 Dynamic Link Aggregation Configuration Example
- 13-PPPoE Client Configuration Example
- 14-Static IPv6 Address Configuration Example
- 15-IPv6 Static Routing Configuration Example
- 16-Static IPv4 DNS Configuration Example
- 17-Static IPv6 DNS Configuration Example
- 18-IGMP Snooping Configuration Example
- 19-MLD Snooping Configuration Example
- 20-IPv4 DNS Proxy Configuration Example
- 21-IPv6 DNS Proxy Configuration Example
- 22-Static NAT Configuration Example
- 23-Dynamic NAT Configuration Example
- 24-IPv4 ACL-Based Packet Filter Configuration Example
- 25-IPv6 ACL-Based Packet Filter Configuration Example
- 26-ARP Attack Protection Configuration Example
- 27-ARP Proxy Configuration Example
- 28-Dynamic IPv4 DNS Configuration Example
- 29-Dynamic IPv6 DNS Configuration Example
- 30-WLAN Access Configuration Example
- 31-Different Wireless Services on Different Radios Configuration Example
- 32-CAPWAP Tunnel Establishment Through DHCP Configuration Example
- 33-CAPWAP Tunnel Establishment Through DHCPv6 Configuration Example
- 34-CAPWAP Tunnel Establishment Through DNS Configuration Example
- 35-CAPWAP Tunnel Establishment Through DNSv6 Configuration Example
- 36-Auto AP Configuration Example
- 37-AP Group Configuration Example
- 38-Radio Management Configuration Example
- 39-Load Balancing Group-Based Session-Mode Load Balancing Configuration Example
- 40-Radio-Based Session-Mode Load Balancing Configuration Example
- 41-A-MPDU and A-MSDU Configuration Example
- 42-Device Classification and Countermeasure Configuration Example
- 43-Malformed Packet Detection and Flood Attack Detection Configuration Example
- 44-Signature-Based Attack Detection Configuration Example
- 45-802.1X RADIUS-Based AAA Configuration Example
- 46-VLAN Interface-Based Direct Portal Authentication Configuration Example
- 47-Service Template-Based Direct Portal Authentication Configuration Example
- 48-Wireless Spectrum Analysis Configuration Example
- 49-Auto DFS Configuration Examples
- 50-Auto TPC Configuration Examples
- 51-Whitelist-Based Client Access Control Configuration Example
- 52-Blacklist-Based Client Access Control Configuration Example
- 53-CAC Configuration Example
- 54-WLAN Probe Configuration Example
- 55-Intra-AC Roaming Configuration Example
- 56-Bonjour Gateway Configuration Example
- 57-IPv4 Multicast Optimization Configuration Examples
- 58-IPv6 Multicast Optimization Configuration Examples
- 59-Ping Configuration Example
- 60-Local Packet Capture Configuration Example
- 61-Remote Packet Capture Configuration Example
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-User Role Assignment for Local Web Authentication Users Configuration Example | 296.85 KB |
|
|
|
H3C Access Controllers |
|
Comware 7 User Role Assignment for Local Web Authentication Users |
|
Configuration Example |
Copyright © 2022 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Example: Assigning a user role to a local Web authentication user
Enabling the HTTP and HTTPS services
Configuring administrator account user1
Overview
The following information provides an example for assigning a user role to a local Web authentication user.
Prerequisites
The following information applies to Comware 7-based access controllers. Procedures and information in the examples might be slightly different depending on the software or hardware version of the H3C access controllers.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of RBAC.
Example: Assigning a user role to a local Web authentication user
Network configuration
As shown in Figure 1, the AC performs local authentication for the Web user at 192.168.100.22.
Create user account user1 for the Web user and assign user role role1 to the user account.
Configure the user role to offer the following permissions to the user:
· Access interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. Access to any other interfaces is denied.
· Access VLANs 10 to 20. Access to any other VLANs is denied.
Prerequisites
Make sure the AC and the Web user can reach each other.
Restrictions and guidelines
To ensure the security of a new account, the device prompts for setting a new password when you use the account to log in to the device for the first time.
Procedures
Enabling the HTTP and HTTPS services
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Configuration > Management Protocols.
3. On the HTTP/HTTPS tab, enable the HTTP and HTTPS services.
Figure 2 Enabling the HTTP and HTTPS services
Configuring user role role1
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select System > Administrators.
3. Click User roles in the top right corner of the page.
4. Click the Create roles button 
to create a user role:
a. Set the role name to role1.
b. Select Interface list from the Interface access permission field and select GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 from the interface list as permitted interfaces.
c. Select VLAN list from the VLAN access permission field and configure VLANs 10 to 20 as permitted VLANs.
d. Click Apply.
Figure 3 Creating user role role1
5. In the user role list, click the link for the user role in the Rules column to configure user role rules.
Figure 4 Opening the page for configuring user role rules
6. Click the Create rules button 
to create a user role rule:
a. Set a rule ID.
b. Select the read, write, and execute permissions.
c. Click Apply.
Figure 5 Creating a user role rule
Configuring administrator account user1
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select System > Administrators.
3. Click the Create administrators
button 
to create an administrator:
a. Set the username to user1 and the password to aabbccddee.
b. Select role1 from the User roles list.
c. Select HTTP and HTTPS from the Permitted access types field.
d. Click Apply.
Figure 6 Creating administrator account user1
Verifying the configuration
1. Use account user1 to log in to the device.
2. Click the System View tab at the bottom of the page.
3. Verify VLAN access permissions:
a. From the navigation pane, select Network Configuration > VLAN.
b. On the VLAN tab, verify that you can create and configure only VLANs 10 to 20. Permission to any other VLANs is denied.
Figure 7 Verifying VLAN access permissions
4. Verify interface access permissions:
a. From the navigation pane, select Network Configuration > Network Interfaces.
b. On the Interfaces tab, verify that the interface list displays only GE 1/0/1 and GE 1/0/2.
Figure 8 Verifying interface access permissions
Related documentation
H3C Access Controllers Web-Based Configuration Guide
