Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Configuring TACACS or TACACS+ security


Example

    user=bob {
        default service = permit
        member admin
        # Global password
        global = cleartext "cat"
        service = exec {
            -privlvl = 0
        }
    }

In this example, the A-V pair -privlvl = 0 grants the user full read-write access. The value in the
-privlvl A-V pair is an integer that indicates the privilege level of the user. Possible values are 0 for
super-user level, 4 for port-config level, or 5 for read-only level. If a value other than 0, 4, or 5 is
specified in the -privlvl A-V pair, the default privilege level of 5 (read-only) is used. The -privlvl A-V
pair can also be embedded in the group configuration for the user. Refer to your TACACS+
documentation for the configuration syntax relevant to your server.

If the -privlvl A-V pair is not present, the Brocade Virtual ADX extracts the last A-V pair configured for
the Exec service that has a numeric value. The Brocade Virtual ADX uses this A-V pair to determine
the user's privilege level.

Example

    user=bob {
        default service = permit
        member admin
        # Global password
        global = cleartext "cat"
        service = exec {
            privlvl = 15
        }
    }

The attribute name in the A-V pair is not significant; the Brocade Virtual ADX uses the last one that
has a numeric value. However, the Brocade Virtual ADX interprets the value for a non-"-privlvl" A-V
pair differently than it does for a "-privlvl" A-V pair. The following table lists how the Brocade Virtual
ADX associates a value from a non-"-privlvl" A-V pair with a Brocade privilege level.

TABLE 8   Brocade equivalents for non-"-privlvl" A-V pair values

Value for non-"-privlvl" A-V pair    Brocade privilege level
15                                   0 (super-user)
From 14 – 1                          4 (port-config)
Any other number or 0                5 (read-only)

In the example above, the A-V pair configured for the Exec service is privlvl = 15. The Brocade
Virtual ADX uses the value in this A-V pair to set the user's privilege level to 0 (super-user), granting
the user full read-write access.

In a configuration that has both a "-privlvl" A-V pair and a non-"-privlvl" A-V pair for the Exec service,
the non-"-privlvl" A-V pair is ignored.
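The privilege-level rules on this page can be checked against TACACS+ user definitions before they are deployed. The following is an added example, not code from the Brocade guide: it parses the Exec service block and resolves the level as the text and Table 8 describe, which shows that any trailing numeric attribute can end up deciding a user's access. The function names, the sample users, and the `priv-lvl` and `idletime` attributes in the sample are constructed for illustration; returning no level when there is no numeric pair, and using the last of several vendor pairs, are assumptions the page does not cover.

```python
import re

VENDOR_ATTR = "-privlvl"  # attribute name exactly as this page prints it
NAMES = {0: "super-user", 4: "port-config", 5: "read-only"}

def exec_av_pairs(user_block):
    """Ordered (name, value) pairs inside the 'service = exec { ... }' block."""
    m = re.search(r"service\s*=\s*exec\s*\{(.*?)\}", user_block, re.S)
    pairs = []
    for line in (m.group(1).splitlines() if m else []):
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            pairs.append((name, value.strip('"')))
    return pairs

def effective_level(pairs):
    """Privilege level per the rules on this page, or None if nothing applies."""
    vendor = [v for n, v in pairs if n == VENDOR_ATTR]
    if vendor:
        # Vendor pair wins, other pairs are ignored; values other than 0, 4, 5
        # fall back to 5. Using the last of several vendor pairs is an assumption.
        return int(vendor[-1]) if vendor[-1] in ("0", "4", "5") else 5
    numeric = [int(v) for _, v in pairs if re.fullmatch(r"-?\d+", v)]
    if not numeric:
        return None  # the page does not say what happens here
    last = numeric[-1]  # the attribute name is irrelevant; the last number counts
    return 0 if last == 15 else 4 if 1 <= last <= 14 else 5

def audit(users):
    """Map user name -> (level, level name) for a dict of user blocks."""
    report = {}
    for name, block in users.items():
        level = effective_level(exec_av_pairs(block))
        report[name] = (level, NAMES.get(level, "undetermined"))
    return report

# Constructed sample input in the style of the page's examples.
SAMPLE = {
    "bob":   "service = exec {\n -privlvl = 0\n}",
    "carol": "service = exec {\n priv-lvl = 15\n}",
    "dave":  "service = exec {\n priv-lvl = 15\n idletime = 10\n}",
    "erin":  "service = exec {\n -privlvl = 5\n priv-lvl = 15\n}",
    "frank": "service = exec {\n -privlvl = 3\n}",
}

if __name__ == "__main__":
    for user, (level, label) in audit(SAMPLE).items():
        print(f"{user}: {level} ({label})")
```

In the sample, "dave" resolves to port-config rather than super-user because `idletime = 10` is the last numeric pair, so attribute order in the Exec block is worth reviewing whenever the vendor pair is absent.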
