Configuring Tacacs+ Authorization - Dell PowerConnect B-RX Configuration Manual

Bigiron rx series configuration guide v02.8.00

Configuring TACACS and TACACS+ security
BigIron RX(config)# aaa authentication enable implicit-user
Syntax: [no] aaa authentication enable implicit-user
Telnet/SSH prompts when the TACACS+ server is unavailable
When TACACS+ is the first method in the authentication method list, the device displays the login
prompt received from the TACACS+ server. If a user attempts to log in through Telnet or SSH, but
none of the configured TACACS+ servers are available, the following takes place:
• If the next method in the authentication method list is "enable", the login prompt is skipped,
  and the user is prompted for the Enable password (that is, the password configured with the
  enable super-user-password command).
• If the next method in the authentication method list is "line", the login prompt is skipped, and
  the user is prompted for the Line password (that is, the password configured with the enable
  telnet password command).

Configuring TACACS+ authorization

The device supports TACACS+ authorization for controlling access to management functions in the
CLI. Two kinds of TACACS+ authorization are supported:
• Exec authorization determines a user's privilege level when they are authenticated.
• Command authorization consults a TACACS+ server to get authorization for commands entered
  by the user.

Configuring Exec authorization
When TACACS+ exec authorization is performed, the device consults a TACACS+ server to
determine the privilege level of the authenticated user.
To configure TACACS+ exec authorization on the device, enter the following command.
BigIron RX(config)# aaa authorization exec default tacacs+
Syntax: aaa authorization exec default tacacs+ | radius | none
If you specify none, or omit the aaa authorization exec command from the device's configuration,
no exec authorization is performed.
A user's privilege level is obtained from the TACACS+ server in the "foundry-privlvl" A-V pair. If the
aaa authorization exec default tacacs+ command exists in the configuration, the device assigns the
user the privilege level specified by this A-V pair. If the command does not exist in the configuration,
then the value in the "foundry-privlvl" A-V pair is ignored, and the user is granted Super User access.
NOTE
If the aaa authorization exec default tacacs+ command exists in the configuration, following
successful authentication the device assigns the user the privilege level specified by the
"foundry-privlvl" A-V pair received from the TACACS+ server. If the aaa authorization exec default
tacacs+ command does not exist in the configuration, then the value in the "foundry-privlvl" A-V pair
is ignored, and the user is granted Super User access.
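
The two behaviors described above (Super User access when exec authorization is missing, and the shared-password fallback when no TACACS+ server answers) can be checked in a saved configuration. This audit script is an added example, not part of the Dell/Brocade guide; the "aaa authentication login default" method-list form, the function name and the sample configurations are assumptions constructed for illustration.

```python
import re

# The exec-authorization form is the one shown on this page; the login
# method-list form is an assumption about the rest of the configuration.
EXEC_AUTHZ = re.compile(r"^aaa authorization exec default\s+(.+)$")
LOGIN_AUTHN = re.compile(r"^aaa authentication login default\s+(.+)$")


def audit_tacacs_aaa(config_text):
    """Return a set of finding codes for one saved configuration."""
    login, exec_authz = [], []
    for raw in config_text.splitlines():
        line = raw.strip()  # "no aaa ..." lines never match the patterns
        m = LOGIN_AUTHN.match(line)
        if m:
            login = m.group(1).split()
        m = EXEC_AUTHZ.match(line)
        if m:
            exec_authz = m.group(1).split()

    findings = set()
    if "tacacs+" in login and "tacacs+" not in exec_authz:
        # Without "aaa authorization exec default tacacs+" the foundry-privlvl
        # A-V pair is ignored and the user is granted Super User access.
        findings.add("PRIVLVL_IGNORED")
    if login[:1] == ["tacacs+"] and login[1:2] in (["enable"], ["line"]):
        # With no TACACS+ server reachable the login prompt is skipped and
        # the Enable or Line password is requested instead.
        findings.add("FALLBACK_" + login[1].upper())
    return findings


# Constructed sample configurations (not taken from a real device).
HARDENED = """
aaa authentication login default tacacs+ local
aaa authorization exec default tacacs+
"""
WEAK = """
aaa authentication login default tacacs+ enable
"""
EXEC_NONE = """
aaa authentication login default tacacs+ line
aaa authorization exec default none
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK), ("exec none", EXEC_NONE)):
        print(name, sorted(audit_tacacs_aaa(cfg)))
```
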
BigIron RX Series Configuration Guide
53-1002253-01
