Configuring Tacacs+ Authorization - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
Entering privileged EXEC mode after a Telnet or SSH login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.
BigIron RX(config)# aaa authentication login privilege-mode
Syntax: aaa authentication login privilege-mode
The user's privilege level is based on the privilege level granted during login.
Configuring Enable authentication to prompt for password only
If Enable authentication is configured on the device, by default, a user is prompted for a username
(up to 255 characters) and password when the user attempts to gain Super User access to the
Privileged EXEC and CONFIG levels of the CLI. You can configure the Brocade device to prompt only
for a password. The device uses the username entered at login, if one is available. If no username
was entered at login, the device prompts for both username and password.
To configure the device to prompt only for a password when a user attempts to gain Super User
access to the Privileged EXEC and CONFIG levels of the CLI.
BigIron RX(config)# aaa authentication enable implicit-user
Syntax: [no] aaa authentication enable implicit-user
Telnet/SSH prompts when the TACACS+ server is unavailable
When TACACS+ is the first method in the authentication method list, the device displays the login
prompt received from the TACACS+ server. If a user attempts to login through Telnet or SSH, but
none of the configured TACACS+ servers are available, the following takes place:
•
•
Configuring TACACS+ authorization
The device supports TACACS+ authorization for controlling access to management functions in the
CLI. Two kinds of TACACS+ authorization are supported:
•
•
Configuring Exec authorization
When TACACS+ exec authorization is performed, the device consults a TACACS+ server to
determine the privilege level of the authenticated user.
BigIron RX Series Configuration Guide
53-1001810-01
If the next method in the authentication method list is "enable", the login prompt is skipped,
and the user is prompted for the Enable password (that is, the password configured with the
enable super-user-password command).
If the next method in the authentication method list is "line", the login prompt is skipped, and
the user is prompted for the Line password (that is, the password configured with the enable
telnet password command).
Exec authorization determines a user's privilege level when they are authenticated
Command authorization consults a TACACS+ server to get authorization for commands entered
by the user
Configuring TACACS/TACACS+ security
4
89
Advertisement
Table of Contents
