Configuring Authentication, Authorization, and Accounting 229
TACACS+ Authorization Example—Custom Administrative Profile
This example creates a custom administrative profile that lets an administrator
restrict a user's access to the switch so that only AAA-related commands are
available. Use the following commands to create the administrative profile:
admin-profile aaa
rule 99 permit command "^show aaa .*"
rule 98 permit command "^show authentication .*"
rule 97 permit command "^show authorization .*"
rule 96 permit command "^show accounting .*"
rule 95 permit command "^show tacacs .*"
rule 94 permit command "^aaa .*"
rule 93 permit command "^line .*"
rule 92 permit command "^login .*"
rule 91 permit command "^authorization .*"
rule 90 permit command "^accounting .*"
rule 89 permit command "^configure .*"
rule 88 permit command "^password .*"
rule 87 permit command "^username .*"
rule 86 permit command "^show user.*"
rule 85 permit command "^radius-server .*"
rule 84 permit command "^tacacs-server .*"
rule 83 permit mode radius-auth-config
rule 82 permit mode radius-acct-config
rule 81 permit mode tacacs-config
exit
The following describes each line in the above configuration:
• The admin-profile aaa command creates an administrative profile called
aaa and places the user in admin-profile-config mode.
• Each rule number permit command regex command allows any command that
matches the regular expression.
• Each rule number permit mode mode-name command allows all commands in
the named mode.
• The command rules use regular expressions as implemented by Henry
Spencer's regex library (the POSIX 1003.2 compliant version). In the
regular expressions used in this example, the caret (^) matches the null
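To see how the permit rules above decide which commands a user in the aaa profile may run, the following Python model is added here as an illustration; it is not code from the switch or from this guide. It transcribes the profile's rules, uses Python's re module as a stand-in for the Henry Spencer POSIX library (the simple anchored patterns in this profile behave the same in both), and assumes, since the page does not state it, that a command matching no permit rule is denied. The final helper contrasts an anchored pattern with an unanchored one to show why the leading caret matters.

```python
import re

# The administrative profile from the page, transcribed rule by rule.
# Each entry is rule number -> (rule kind, pattern or mode name).
AAA_PROFILE_RULES = {
    99: ("command", r"^show aaa .*"),
    98: ("command", r"^show authentication .*"),
    97: ("command", r"^show authorization .*"),
    96: ("command", r"^show accounting .*"),
    95: ("command", r"^show tacacs .*"),
    94: ("command", r"^aaa .*"),
    93: ("command", r"^line .*"),
    92: ("command", r"^login .*"),
    91: ("command", r"^authorization .*"),
    90: ("command", r"^accounting .*"),
    89: ("command", r"^configure .*"),
    88: ("command", r"^password .*"),
    87: ("command", r"^username .*"),
    86: ("command", r"^show user.*"),
    85: ("command", r"^radius-server .*"),
    84: ("command", r"^tacacs-server .*"),
    83: ("mode", "radius-auth-config"),
    82: ("mode", "radius-acct-config"),
    81: ("mode", "tacacs-config"),
}


def matches(pattern, command):
    """True if the command line matches the rule's regular expression.

    re.search is used (not re.match) so that anchoring comes only from a
    caret written in the pattern itself, exactly as in the profile text.
    """
    return re.search(pattern, command) is not None


def is_permitted(profile, command, mode=None):
    """Decide whether `command`, entered while in `mode`, is allowed.

    Rules are tried from the highest number downward.  This profile holds
    only permit rules, so the order does not change the result.  Assumption
    (not stated on the page): no matching rule means the command is denied.
    """
    for number in sorted(profile, reverse=True):
        kind, value = profile[number]
        if kind == "mode" and mode == value:
            return True            # every command in the named mode is allowed
        if kind == "command" and matches(value, command):
            return True
    return False


def evaluate(profile, attempts):
    """Evaluate a list of (command, mode) pairs; returns {command: allowed}."""
    return {cmd: is_permitted(profile, cmd, mode) for cmd, mode in attempts}


if __name__ == "__main__":
    # Constructed sample command lines a user in this profile might type.
    sample = [
        ("show aaa servers", None),
        ("configure terminal", None),
        ("show running-config", None),
        ("reload", None),
        ("no aaa authentication login default none", None),
        ("server 192.0.2.10", "tacacs-config"),
    ]
    for cmd, allowed in evaluate(AAA_PROFILE_RULES, sample).items():
        print(f"{'permit' if allowed else 'deny  '}  {cmd}")
```

Two points worth noticing in the output: "^aaa .*" does not permit "no aaa ...", because the caret pins the match to the start of the line, whereas the same pattern without the caret would match it and let the user remove authentication settings; and, taken literally, "^show aaa .*" requires a space after "aaa", so bare "show aaa" does not match the regular expression as written (whether the switch supplies a trailing separator is not stated on the page).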