Dell FCX624-I Laptop User Manual


PowerConnect B-Series FCX Configuration Guide 1177
53-1002266-01
Configuring TACACS/TACACS+ security
32
service = exec {
privlvl = 15
}
}
The attribute name in the A-V pair is not significant; the Dell PowerConnect device uses the last one
that has a numeric value. However, the Dell PowerConnect device interprets the value for a
non-“foundry-privlvl” A-V pair differently than it does for a “foundry-privlvl” A-V pair. Table 202
lists how the Dell PowerConnect device associates a value from a non-“foundry-privlvl” A-V
pair with a Dell PowerConnect privilege level.
In the example above, the A-V pair configured for the Exec service is privlvl = 15. The Dell
device uses the value in this A-V pair to set the user privilege level to 0 (super-user), granting the
user full read-write access.
In a configuration that has both a “foundry-privlvl” A-V pair and a non-“foundry-privlvl” A-V pair for
the Exec service, the non-“foundry-privlvl” A-V pair is ignored.
Example
user=bob {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        foundry-privlvl = 4
        privlvl = 15
    }
}
In this example, the user would be granted a privilege level of 4 (port-config level). The privlvl =
15 A-V pair is ignored by the Dell PowerConnect device.
If the TACACS+ server has no A-V pair configured for the Exec service, the default privilege level of 5
(read-only) is used.
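The resolution rules above and the Table 202 mapping, written out as an added Python example (not part of the Dell guide) for auditing which privilege level each user's Exec A-V pairs would produce. It assumes a tac_plus-style file laid out like the page's example; user carol, the idletime attribute in her stanza, and the as-is use of a foundry-privlvl value are assumptions.

```python
import re

def exec_av_pairs(user_block):
    """(name, value) pairs inside the user's 'service = exec { ... }' stanza."""
    m = re.search(r"service\s*=\s*exec\s*\{([^}]*)\}", user_block)
    body = m.group(1) if m else ""
    lines = (l.split("#", 1)[0] for l in body.splitlines())   # drop comments
    return [tuple(p.strip() for p in l.split("=", 1)) for l in lines if "=" in l]

def effective_privilege(pairs):
    """Privilege level (0, 4 or 5) the device derives from the Exec A-V pairs."""
    numeric = [(n, int(v)) for n, v in pairs if v.isdecimal()]
    foundry = [v for n, v in numeric if n == "foundry-privlvl"]
    if foundry:
        # Assumption: the foundry-privlvl value is used as-is (the page shows 4 -> 4).
        return foundry[-1]
    if not numeric:
        return 5                                  # no A-V pair: read-only default
    value = numeric[-1][1]                        # name ignored, last numeric wins
    if value == 15:
        return 0                                  # super-user
    return 4 if 1 <= value <= 14 else 5           # port-config, else read-only

def audit(config):
    """Map each user in a tac_plus-style config to the resulting privilege level."""
    levels = {}
    for chunk in re.split(r"(?m)^\s*user\s*=\s*", config)[1:]:
        name = re.match(r"[^\s{]+", chunk).group(0)
        levels[name] = effective_privilege(exec_av_pairs(chunk))
    return levels

# Constructed sample: bob is the page's example (trimmed); carol is hypothetical.
SAMPLE = """
user=bob {
    service = exec {
        foundry-privlvl = 4
        privlvl = 15
    }
}
user=carol {
    service = exec {
        privlvl = 15
        idletime = 3
    }
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Under the stated "last numeric value" rule, carol resolves to level 4 rather than 0 because the numeric idletime pair follows privlvl, so attribute order in the Exec stanza is worth reviewing when auditing server configurations.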
Configuring command authorization
When TACACS+ command authorization is enabled, the Dell PowerConnect device consults a
TACACS+ server to get authorization for commands entered by the user.
You enable TACACS+ command authorization by specifying a privilege level whose commands
require authorization. For example, to configure the Dell PowerConnect device to perform
authorization for the commands available at the Super User privilege level (that is, all commands
on the device), enter the following command.
PowerConnect(config)#aaa authorization commands 0 default tacacs+
Syntax: aaa authorization commands <privilege-level> default tacacs+ | radius | none
The <privilege-level> parameter can be one of the following:
TABLE 202 Dell equivalents for non-“foundry-privlvl” A-V pair values

Value for non-“foundry-privlvl” A-V pair    Dell privilege level
15                                          0 (super-user)
From 14 – 1                                 4 (port-config)
Any other number or 0                       5 (read-only)