Radius Authorization Example-Direct Login To Privileged Exec Mode - Dell Networking N4000 Series Configuration Manual

profiles and per-command authorization are configured for a user, any
command must be permitted by both the administrative profiles and by per-
command authorization.
RADIUS Authorization Example—Direct Login to Privileged EXEC Mode
Apply the following configuration to use RADIUS for authorization, such that
a user can enter privileged exec mode directly:
aaa authorization exec "rad" radius
line telnet
authorization exec rad
exit
Configure the RADIUS server so that the RADIUS attribute Service Type (6)
is sent with value Administrative. Any value other than Administrative is
interpreted as privilege level 1.
The following describes each line in the above configuration:
• The aaa authorization exec "rad" radius command creates an exec
authorization method list called "rad" that contains the method radius.
• The authorization exec rad command assigns the rad exec authorization
method list to be used for users accessing the switch via Telnet.
Notes:
• If the privilege level is zero (that is, blocked), then authorization will fail
and the user will be denied access to the switch.
• If the privilege level is higher than one, the user will be placed directly in
Privileged EXEC mode. Note that all commands in Privileged EXEC mode
require privilege level 15, so assigning a user a lower privilege level will be
of no value.
• A privilege level greater than 15 is invalid and treated as if privilege level
zero had been supplied.
Configuring Authentication, Authorization, and Accounting
231