passes enable authentication, the user is permitted access to all commands.
This is also true if none of the Administrative Profiles provided are configured
on the switch.
RADIUS and TACACS+
The network administrator may configure a custom attribute to be provided
by the server during authentication. The RADIUS and TACACS+
applications process this custom attribute and provide this data to the User
Manager for configuring the user profile.
The custom attribute is defined as:
cisco-av-pair=shell:roles="roleA roleB ..."
Commands in this Section
This section explains the following commands:
admin-profile
description (Administrative Profile
Configuration)
rule
admin-profile
Use the admin-profile command in Global Configuration mode to create an
administrative profile. The system-defined administrative profiles cannot be
deleted. When creating a profile, the user is placed into Administrative
Profile Configuration mode.
Use the no form of the command to delete an administrative profile and all
its rules.
Syntax
admin-profile profile-name
no admin-profile profile-name
•
profile-name—The name of the profile to create or delete. Range: 1 to 16
alphanumeric characters – may also include a hyphen.
show admin-profiles
show admin-profiles brief
show cli modes
Security Commands
884