Table of Contents
Advertisement
3.2.5 Changing Privilege Levels at Runtime
Users can change their privilege levels at runtime by using the following command on the switch:
5510(config)<level-5># tacacs switch level [<level>]
where <level> is the privilege level the user wants to access. The user is prompted to provide the
required password. If the user does not specify a level in the command, the administration level (15) is
selected by default.
To return to the original privilege level, the user uses the following command on the switch:
5510(config)<level-5># tacacs switch back
To support runtime switching of users to a particular privilege level, you must preconfigure a dummy user
for that level on the daemon. The format of the user name for the dummy user is $enab<n>$, where <n>
is the privilege level to which you want to allow access.
3.3 Avaya Switches TACACS+ Support
TACACS+
Authentication
ERS 8600
ERS 8300
ERS 1600
ES 460/470
ERS 2500
ERS 4500
ERS 5500
TACACS is only for administrative users and not for 802.1x (EAP) users. Refer to
RADIUS for EAP users.
Authentication, Authorization and Accounting (AAA) for ERS and ES
November 2010
TACACS+
Authorization
POI (5.1)
POI (5.1)
Yes
Yes
Yes
Yes
No
No
POI (4.2)
POI (4.2)
POR (5.2)
POR (5.2)
Yes
Yes
Technical Configuration Guide
TACACS+
Multiple
session
Accounting
Over single
tcp
connection
POI (5.1)
POI (5.1)
No
Yes
No
Yes
No
No
POI (4.2)
No
POR (5.2)
No
Yes
No
avaya.com
Changing
privilege
level at
runtime
POI (5.1)
No
No
No
POI (4.2)
POI (5.2)
Yes
43
Advertisement
Table of Contents
