Tue Feb 26 16:49:21 2008 [16476]: verify: login cleartext authentication
successful
Tue Feb 26 16:49:21 2008 [16476]: default_fn: login query for 'ro' unknown-
port from 10.10.50.5 accepted
Tue Feb 26 16:49:21 2008 [16477]: Start authorization request
Tue Feb 26 16:49:21 2008 [16477]: do_author: user 'ro' found
Tue Feb 26 16:49:21 2008 [16477]: exec authorization request for ro
Tue Feb 26 16:49:21 2008 [16477]: exec is explicitly permitted by line 97
Tue Feb 26 16:49:21 2008 [16477]: author_svc: nas:service=shell (passed thru)
Tue Feb 26 16:49:21 2008 [16477]: author_svc: nas:cmd* (passed thru)
Tue Feb 26 16:49:21 2008 [16477]: author_svc: nas:absent, server:priv-lvl=1 -
> add priv-lvl=1 (k)
Tue Feb 26 16:49:21 2008 [16477]: author_svc: added 1 args
Tue Feb 26 16:49:21 2008 [16477]: author_svc: out_args[0] = service=shell
input copy discarded
Tue Feb 26 16:49:21 2008 [16477]: author_svc: out_args[1] = cmd* input copy
discarded
Tue Feb 26 16:49:21 2008 [16477]: author_svc: out_args[2] = priv-lvl=1
compacted to out_args[0]
Tue Feb 26 16:49:21 2008 [16477]: author_svc: 1 output args
Tue Feb 26 16:49:21 2008 [16477]: authorization query for 'ro' unknown from
10.10.50.5 accepted
Please note this version of TACACS+ does not support any other TACACS+ arguments in
authorization requests, such as cmd, cmd-arg, acl, zonelist, addr, routing, and so on. If you
attempt to configure any argument in authorization requests (other than access level and
privilege level), the TACACS+ request is dropped by the switch and an error is recorded to
system log
Log file on TACACS+ client
CPU5 [02/26/08 16:54:56] SW INFO TACACS+ authentication succeeded
CPU5 [02/26/08 16:54:56] SW INFO user ro connected from 10.10.50.10 via telnet
CPU5 [02/26/08 16:55:09] SW INFO Closed telnet connection from IP 10.10.50.10, user
ro
Authentication, Authorization and Accounting (AAA) for ERS and ES
November 2010
Technical Configuration Guide
avaya.com
56