Aaa Authorization; Privilege Levels Overview - Dell Force10 C150 Configuration Manual

Server-side configuration
TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type
SVC_ENABLE, and then, a second packet with just the password. The TACACS server must have an
entry for username $enable$.
RADIUS: When using RADIUS authentication, FTOS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.

AAA Authorization

FTOS enables AAA new-model by default.You can set authorization to be either local or remote. Different
combinations of authentication and authorization yield different results. By default, FTOS sets both to
local.

Privilege Levels Overview

Limiting access to the system is one method of protecting the system and your network. However, at times,
you might need to allow others access to the router and you can limit that access to a subset of commands.
In FTOS, you can configure a privilege level for users who need limited access to the system.
Every command in FTOS is assigned a privilege level of 0, 1 or 15. You can configure up to 16 privilege
levels in FTOS. FTOS is pre-configured with 3 privilege levels and you can configure 13 more. The three
pre-configured levels are:
• Privilege level 1—is the default level for the EXEC mode. At this level, you can interact with the
router, for example, view some show commands and Telnet and ping to test connectivity, but you
cannot configure the router. This level is often called the "user" level. One of the commands available
in Privilege level 1 is the
• Privilege level 0—contains only the
• Privilege level 15—the default level for the
access any command in FTOS.
Privilege levels 2 through 14 are not configured and you can customize them for different users and access.
After you configure other privilege levels, enter those levels by adding the level parameter after the
command or by configuring a user name or password that corresponds to the privilege level. Refer to
Configure a username and password on page 921
920 | Security
enable
command, which you can use to enter a specific privilege level.
end enable
, and
enable
for more information on configuring user names.
disable
commands.
command, is the highest level. In this level you can
enable