Filter
Top Products
68 Summit 200 Series Switch Installation and User Guide
Managing the Switch
Within the users configuration file, additional keywords are available for Profile-Name and
Extreme-CLI-Authorization. To use per-command authentication, enable the CLI authorization
function and indicate a profile name for that user. If authorization is enabled without specifying a valid
profile, the user is unable to perform any commands.
Next, define the desired profiles in an ASCII configuration file called profiles. This file contains
named profiles of exact or partial strings of CLI commands. A named profile is linked with a user
through the
users file. A profile with the permit on keywords allows use of only the listed commands.
A profile with the
deny keyword allows use of all commands except the listed commands.
CLI commands can be defined easily in a hierarchal manner by using an asterisk (*) to indicate any
possible subsequent entry. The parser performs exact string matches on other text to validate
commands. Commands are separated by a comma (,) or newline.
Looking at the following example content in profiles for the profile named PROFILE1, which uses the
deny keyword, the following attributes are associated with the user of this profile:
• Cannot use any command starting with enable.
• Cannot issue the disable ipforwarding command.
• Cannot issue a show switch command.
• Can perform all other commands.
We know from the users file that this applies to the users albert and lulu. We also know that eric is
able to log in, but is unable to perform any commands, because he has no valid profile assigned.
In PROFILE2, a user associated with this profile can use any enable command, the clear counter
command and the
show management command, but can perform no other functions on the switch. We
also know from the
users file that gerald has these capabilities.
The following lists the contents of the file users with support for per-command authentication:
user Password = ""
Filter-Id = "unlim"
admin Password = "", Service-Type = Administrative
Filter-Id = "unlim"
eric Password = "", Service-Type = Administrative, Profile-Name = ""
Filter-Id = "unlim"
Extreme:Extreme-CLI-Authorization = Enabled
albert Password = "", Service-Type = Administrative, Profile-Name =
"Profile1"
Filter-Id = "unlim"
Extreme:Extreme-CLI-Authorization = Enabled
lulu Password = "", Service-Type = Administrative, Profile-Name =
"Profile1"
Filter-Id = "unlim"
Extreme:Extreme-CLI-Authorization = Enabled
gerald Password = "", Service-Type = Administrative, Profile-Name "Profile2"
Filter-Id = "unlim"
Extreme:Extreme-CLI-Authorization = Enabled