Dell Z9000 Configuration Manual page 749


When role-based only AAA authorization is enabled, the enable, line, and none methods are not
available. Each of these three methods allows users to be verified with either a password that is not
specific to their user ID or with no password at all. Because of this lack of security, these methods are not
available in role-only mode. When the system is in role-only mode, users that have only privilege levels
are denied access to the system because they do not have a role. For information about role-only mode,
see Configuring Role-based Only AAA Authorization.
NOTE: Authentication services only validate the user ID and password combination. To determine
which commands are permitted for users, configure authorization. For information about how to
configure authorization for roles, see Configure AAA Authorization for Roles.

To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode.

aaa authentication login {method-list-name | default} method [... method4]

Configure AAA Authorization for Roles

Authorization services determine if the user has permission to use a command in the CLI. Users with only
privilege levels can use commands in privilege-or-role mode (the default) provided their privilege level is
the same or greater than the privilege level of those commands. Users with defined roles can use
commands provided their role is permitted to use those commands. Role inheritance is also used to
determine authorization.
Users with roles and privileges are authorized with the same mechanism. There are six methods available
for authorization: radius, tacacs+, local, enable, line, and none.
When role-based only AAA authorization is enabled, the enable, line, and none methods are not
available. Each of these three methods allows users to be authorized with either a password that is not
specific to their user ID or with no password at all. Because of this lack of security, these methods are not
available in role-based only mode.
To configure AAA authorization, use the aaa authorization exec command in CONFIGURATION
mode. The aaa authorization exec command determines which CLI mode the user starts in for
their session; for example, Exec mode or Exec Privilege mode. For information about how to configure
authentication for roles, see Configure AAA Authentication for Roles.

aaa authorization exec {method-list-name | default} method [... method4]

To further restrict users' permissions, use the aaa authorization command command in
CONFIGURATION mode.

aaa authorization command {method-list-name | default} method [... method4]

Examples of Applying a Method List

The following configuration example applies a method list of TACACS+, RADIUS, and local:

!
radius-server host 10.16.150.203 key <clear-text>
!
tacacs-server host 10.16.150.203 key <clear-text>
!
aaa authentication login ucraaa tacacs+ radius local
aaa authorization exec ucraaa tacacs+ radius local
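
The following is an added example, not part of the Dell manual: a small Python check that reads AAA method-list lines in the syntax shown above and reports any list that uses enable, line, or none (the methods unavailable in role-based only mode) or that exceeds four methods. The function name audit_method_lists and the sample configuration are hypothetical, and the script assumes authentication lists accept the same six method names the page gives for authorization.

```python
import re

# The six method names the page lists for authorization; assumed here to be
# the same names accepted in authentication method lists.
KNOWN_METHODS = {"radius", "tacacs+", "local", "enable", "line", "none"}
# Methods that check a shared password or nothing at all; the page says these
# are unavailable in role-based only mode.
NOT_USER_SPECIFIC = {"enable", "line", "none"}

AAA_LINE = re.compile(
    r"^aaa\s+(authentication\s+login|authorization\s+(?:exec|command))\s+(\S+)\s+(.+)$"
)

def audit_method_lists(config_text):
    """Return (line_no, service, list_name, problem) for each bad method list entry."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        match = AAA_LINE.match(raw.strip())
        if not match:
            continue  # not an AAA method-list line
        service = " ".join(match.group(1).split())
        list_name, methods = match.group(2), match.group(3).split()
        if len(methods) > 4:  # syntax allows method [... method4]
            findings.append((line_no, service, list_name, "more than four methods"))
        for method in methods:
            if method not in KNOWN_METHODS:
                findings.append((line_no, service, list_name, f"unknown method {method}"))
            elif method in NOT_USER_SPECIFIC:
                findings.append((line_no, service, list_name,
                                 f"{method} is unavailable in role-based only mode"))
    return findings

# Constructed sample: the first two lines are the page's example, the last two
# are made up to trigger findings.
SAMPLE_CONFIG = """\
aaa authentication login ucraaa tacacs+ radius local
aaa authorization exec ucraaa tacacs+ radius local
aaa authentication login default tacacs+ enable
aaa authorization exec console line none
"""

if __name__ == "__main__":
    for finding in audit_method_lists(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Running the check against a saved configuration before enabling role-based only mode shows which method lists would need to change.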