Configuring command authorization – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide


53-1002484-04

Configuring TACACS and TACACS+ security

3

In this example, the user would be granted a privilege level of 4 (port-config level). The privlvl = 15 A-V pair is ignored by the BigIron RX.

If the TACACS+ server has no A-V pair configured for the Exec service, the default privilege level of 5
(read-only) is used.

Configuring command authorization

When TACACS+ command authorization is enabled, the BigIron RX consults a TACACS+ server to
get authorization for commands entered by the user.

You enable TACACS+ command authorization by specifying a privilege level whose commands
require authorization. For example, to configure the BigIron RX to perform authorization for the
commands available at the Super User privilege level (that is, all commands on the device), enter
the following command.

BigIron RX(config)# aaa authorization commands 0 default tacacs+

Syntax: aaa authorization commands <privilege-level> default tacacs+ | radius | none

The <privilege-level> parameter can be one of the following:

0 – Authorization is performed for commands available at the Super User level (all commands)

4 – Authorization is performed for commands available at the Port Configuration level
(port-config and read-only commands)

5 – Authorization is performed for commands available at the Read Only level (read-only
commands)

NOTE

TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console. No authorization is performed for commands entered at the Web
Management Interface or Brocade Network Advisor.

TACACS+ command authorization is not performed for the following commands:

At all levels: exit, logout, end, and quit.

At the Privileged EXEC level: enable or enable <text>, where <text> is the password configured
for the Super User privilege level.

If configured, command accounting is performed for these commands.

AAA support for console commands

To enable AAA support for commands entered at the console, enter the following command.

BigIron RX(config)# enable aaa console

Syntax: [no] enable aaa console

NOTE: AAA support for commands entered at the console can include the following:

Login prompt that uses AAA authentication, using authentication-method lists

Exec Authorization

Exec Accounting

System Accounting
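
The following audit script is an added example, not part of the Brocade guide. It checks a device configuration for the two commands described above and reports where command authorization coverage is incomplete. The function name, severity labels, and sample configurations are constructed for illustration, and it assumes the saved configuration contains the commands in the same form as they are typed.

```python
import re

# Scope of each <privilege-level> value, as listed in the syntax description above.
LEVEL_SCOPE = {
    0: "Super User level (all commands)",
    4: "Port Configuration level (port-config and read-only commands)",
    5: "Read Only level (read-only commands)",
}
AUTHZ_RE = re.compile(r"^aaa authorization commands (\d+) default (\S+)")

# Constructed sample configs (assumption: saved config uses the typed command form).
WEAK_CONFIG = "aaa authorization commands 4 default tacacs+\n"
STRICT_CONFIG = "aaa authorization commands 0 default tacacs+\nenable aaa console\n"


def audit_command_authorization(config_text):
    """Return (severity, message) findings for one device configuration."""
    level = method = None
    console_aaa = False
    for raw in config_text.splitlines():
        line = raw.strip()
        match = AUTHZ_RE.match(line)
        if match:
            level, method = int(match.group(1)), match.group(2)
        elif line == "enable aaa console":
            console_aaa = True

    findings = []
    if method is None:
        findings.append(("HIGH", "command authorization is not configured"))
    elif method == "none":
        findings.append(("HIGH", "authorization method is 'none'"))
    elif level not in LEVEL_SCOPE:
        findings.append(("HIGH", f"privilege level {level} is not 0, 4 or 5"))
    elif level != 0:
        findings.append(("MEDIUM", f"authorization limited to {LEVEL_SCOPE[level]}"))
    if not console_aaa:
        findings.append(("MEDIUM", "AAA support for console commands is not enabled"))
    # Per the NOTE above, these interfaces bypass command authorization entirely.
    findings.append(("INFO", "Web Management Interface and Brocade Network Advisor "
                             "commands are not authorized"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("strict", STRICT_CONFIG)):
        for severity, message in audit_command_authorization(cfg):
            print(f"{name}: [{severity}] {message}")
```

The INFO finding is always reported because the gap it describes cannot be closed with these commands; restrict access to those management interfaces by other means.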
