Radius Authorization Example-Direct Login To Privileged Exec Mode; Radius Authorization Example-Administrative Profiles - Dell Networking 7048 Configuration Manual

profiles and per-command authorization are configured for a user, any
command must be permitted by both the administrative profiles and by per-
command authorization.
RADIUS Authorization Example—Direct Login to Privileged EXEC Mode
Apply the following configuration to use RADIUS for authorization, such that
a user can enter privileged exec mode directly:
aaa authorization exec "rad" radius
line telnet
authorization exec rad
exit
Configure the RADIUS server so that the RADIUS attribute Service Type (6)
is sent with value Administrative. Any value other than Administrative is
interpreted as privilege level 1.
The following describes each line in the above configuration:
• The aaa authorization exec "rad" radius command creates
an exec authorization method list called "rad" that contains the method
radius.
• The authorization exec rad command assigns the rad exec
authorization method list to be used for users accessing the switch via
telnet.
Notes:
• If the privilege level is zero (that is, blocked), then authorization will fail
and the user will be denied access to the switch.
• If the privilege level is higher than one, the user will be placed directly in
Privileged EXEC mode. Note that all commands in Privileged EXEC mode
require privilege level 15, so assigning a user a lower privilege level will be
of no value.
• A privilege level greater than 15 is invalid and treated as if privilege level
zero had been supplied.
RADIUS Authorization Example—Administrative Profiles
The switch should use the same configuration as in the previous
authorization example.
Configuring Authentication, Authorization, and Accounting
189