Tacacs+ Authorization Example-Administrative Profiles - Dell Networking 7048 Configuration Manual

Powerconnect 7000 series switch

The aaa authorization exec "tacex" tacacs command creates an exec authorization method list called tacex which contains the method tacacs.
The authorization exec tacex command assigns the tacex exec authorization method list to be used for users accessing the switch via telnet.
Notes:
If the privilege level is zero (that is, blocked), then authorization will fail and the user will be denied access to the switch.
If the privilege level is higher than one, the user will be placed directly in Privileged EXEC mode. Note that all commands in Privileged EXEC mode require privilege level 15, so assigning a user a lower privilege level will be of no value.
A privilege level greater than 15 is invalid and treated as if privilege level zero had been supplied.
The shell service must be enabled on the TACACS+ server. If this service is not enabled, authorization will fail and the user will be denied access to the switch.
TACACS+ Authorization Example—Administrative Profiles
The switch should use the same configuration as for the previous authorization example.
The TACACS+ server should be configured such that it will send the "roles" attribute. For example:
shell:roles=router-admin
The above example attribute will give the user access to the commands permitted by the router-admin profile.
NOTE:
If the priv-lvl attribute is also supplied, the user can also be placed directly into privileged EXEC mode.
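
The rules in the notes above can be checked against server-side profiles before they are deployed. The following is an added example, not part of the Dell manual or the switch firmware: it models the stated priv-lvl and roles behaviour and flags profiles that will be denied or that land in Privileged EXEC. The function names, the outcome labels, and the handling of a missing, non-numeric, or level 1 priv-lvl are assumptions.

```python
import re

# Attribute strings in the form the page shows, e.g. "shell:roles=router-admin".
AV_RE = re.compile(r"^(?:shell:)?([A-Za-z-]+)=(.*)$")

def parse_avpairs(lines):
    """Parse attribute strings into a dict (assumption: last value wins)."""
    attrs = {}
    for line in lines:
        m = AV_RE.match(line.strip())
        if not m:
            raise ValueError(f"malformed attribute: {line!r}")
        attrs[m.group(1).lower()] = m.group(2).strip()
    return attrs

def audit_profile(avpairs, shell_enabled=True):
    """Return (outcome, warnings) for one server-side user profile."""
    if not shell_enabled:
        return "denied", ["shell service is not enabled on the TACACS+ server"]
    attrs = parse_avpairs(avpairs)
    role, raw = attrs.get("roles"), attrs.get("priv-lvl")
    # Assumption: without priv-lvl, or at level 1, the user stays out of
    # Privileged EXEC and gets the role's commands (or plain User EXEC).
    unprivileged = f"profile:{role}" if role else "user-exec"
    if raw is None:
        return unprivileged, []
    if not re.fullmatch(r"[0-9]+", raw):
        return "denied", [f"priv-lvl {raw!r} is not a number (assumed to fail)"]
    level = int(raw)
    if level > 15:
        return "denied", [f"priv-lvl {level} is invalid and treated as zero"]
    if level == 0:
        return "denied", ["priv-lvl 0 blocks the user"]
    if level == 1:
        return unprivileged, []
    warnings = []
    if level < 15:
        warnings.append(f"priv-lvl {level}: Privileged EXEC commands require 15")
    if role:
        warnings.append(f"role {role!r} user is also placed in Privileged EXEC")
    return "privileged-exec", warnings

if __name__ == "__main__":
    # Constructed sample profiles, not taken from any real server.
    samples = {"alice": ["shell:roles=router-admin"],
               "bob": ["shell:roles=router-admin", "shell:priv-lvl=7"],
               "carol": ["shell:priv-lvl=16"]}
    for user, avpairs in samples.items():
        print(user, audit_profile(avpairs))
```

A profile that is meant to be limited to an administrative profile but also carries priv-lvl shows up here with a warning, which is the case the NOTE above describes.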
Configuring Authentication, Authorization, and Accounting
