Dell PowerConnect B-RX Configuration Manual page 170

Bigiron rx series configuration guide v02.8.00
Configuring TACACS and TACACS+ security
In the example above, the A-V pair configured for the Exec service is privlvl = 15. The BigIron RX
uses the value in this A-V pair to set the user's privilege level to 0 (super-user), granting the user full
read-write access.

In a configuration that has both a "foundry-privlvl" A-V pair and a non-"foundry-privlvl" A-V pair for
the Exec service, the non-"foundry-privlvl" A-V pair is ignored.

user=bob {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        foundry-privlvl = 4
        privlvl = 15
    }
}

In this example, the user would be granted a privilege level of 4 (port-config level). The privlvl = 15
A-V pair is ignored by the BigIron RX.

If the TACACS+ server has no A-V pair configured for the Exec service, the default privilege level of 5
(read-only) is used.

Configuring command authorization

When TACACS+ command authorization is enabled, the BigIron RX consults a TACACS+ server to
get authorization for commands entered by the user.

You enable TACACS+ command authorization by specifying a privilege level whose commands
require authorization. For example, to configure the BigIron RX to perform authorization for the
commands available at the Super User privilege level (that is, all commands on the device), enter
the following command.

BigIron RX(config)# aaa authorization commands 0 default tacacs+

Syntax: aaa authorization commands <privilege-level> default tacacs+ | radius | none

The <privilege-level> parameter can be one of the following:

    0 – Authorization is performed for commands available at the Super User level (all commands)
    4 – Authorization is performed for commands available at the Port Configuration level
        (port-config and read-only commands)
    5 – Authorization is performed for commands available at the Read Only level (read-only
        commands)

NOTE
TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console. No authorization is performed for commands entered at the Web
Management Interface or IronView Network Manager.

TACACS+ command authorization is not performed for the following commands:

    At all levels: exit, logout, end, and quit.
    At the Privileged EXEC level: enable or enable <text>, where <text> is the password configured
    for the Super User privilege level.

If configured, command accounting is performed for these commands.
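The Exec-service privilege rules described earlier on this page (a "foundry-privlvl" pair overrides any other Exec A-V pair, privlvl = 15 maps to level 0, and no A-V pair falls back to level 5) can be checked against a TACACS+ server configuration before it is deployed. The following Python is an added example, not part of the manual: the function names and the regex-based parsing are assumptions, and the sample stanza is constructed from the user=bob example on this page.

```python
import re

# Constructed sample: the user stanza from this page's example.
SAMPLE = '''
user=bob {
    default service = permit
    member admin
    global = cleartext "cat"
    service = exec {
        foundry-privlvl = 4
        privlvl = 15
    }
}
'''

def exec_av_pairs(stanza):
    """Return the numeric A-V pairs inside 'service = exec { ... }', in order."""
    m = re.search(r"service\s*=\s*exec\s*\{(.*?)\}", stanza, re.S)
    if not m:
        return []
    return re.findall(r"^\s*([\w-]+)\s*=\s*(\d+)\s*$", m.group(1), re.M)

def effective_privilege(stanza):
    """Resolve the privilege level using only the rules stated on this page.

    Returns (level, notes). level is None when this page gives no rule
    for the value found (hypothetical helper, not a vendor API).
    """
    pairs = exec_av_pairs(stanza)
    if not pairs:
        # No Exec A-V pair: the device applies the default level 5.
        return 5, ["no Exec A-V pair: default read-only level applies"]
    foundry = [int(v) for k, v in pairs if k == "foundry-privlvl"]
    others = [(k, int(v)) for k, v in pairs if k != "foundry-privlvl"]
    if foundry:
        # foundry-privlvl wins; any other pair is silently ignored.
        notes = [f"{k} = {v} is ignored (foundry-privlvl present)"
                 for k, v in others]
        return foundry[0], notes
    k, v = others[0]
    if v == 15:
        return 0, [f"{k} = 15 grants super-user (full read-write)"]
    return None, [f"{k} = {v}: mapping not covered on this page"]

if __name__ == "__main__":
    print(effective_privilege(SAMPLE))
```

Running it over each user stanza surfaces accounts where a privlvl = 15 pair would grant super-user access as soon as the foundry-privlvl line is removed.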
BigIron RX Series Configuration Guide
53-1002253-01
