Support User Manuals

Dell S6000-ON Switch User Manual

Open as PDF

of 1100

NOTE: The authentication method list should be in the same order as the authorization

method list. For example, if you configure the authentication method list in the following order

(TACACS+, local), Dell Networking recommends that authorization method list is configured in

the same order (TACACS+, local).

4. Specify authorization method list (RADIUS, TACACS+, or Local). You must at least specify local

authorization.

For consistency, the best practice is to define the same authorization method list across all lines, in

the same order of comparison; for example VTY and console port.

You could also use the default authorization method list to apply to all the LINES (console port, VTY).

If you do not, the following error is displayed when you attempt to enable role-based only AAA

authorization.

% Error: Exec authorization must be applied to more than one line to be

useful, e.g. console and vty lines. Could use default authorization method

list as alternative.

5. Verify the configuration has been applied to the console or VTY line.

Dell (conf)#do show running-config line

!

line console 0

login authentication test

authorization exec test

exec-timeout 0 0

line vty 0

login authentication test

authorization exec test

line vty 1

login authentication test

authorization exec test

To enable role-based only AAA authorization:

Dell(conf)#aaa authorization role-only

System-Defined RBAC User Roles

By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8

additional user roles.

NOTE: You cannot delete any system defined roles.

The system defined user roles are as follows:

• Network Operator (netoperator) - This user role has no privilege to modify any configuration on the

switch. You can access Exec mode (monitoring) to view the current configuration and status

information.

• Network Administrator (netadmin): This user role can configure, display, and debug the network

operations on the switch. You can access all of the commands that are available from the network

operator user role. This role does not have access to the commands that are available to the system

security administrator for cryptography operations, AAA, or the commands reserved solely for the

system administrator.

• Security Administrator (secadmin): This user role can control the security policy across the systems

that are within a domain or network topology. The security administrator commands include FIPS

828

Security

previous next