Configuring command authorization – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Administration Guide

53-1003249-01

Configuring TACACS or TACACS+ security

Example

In this example, the user would be granted a privilege level of 4 (port-config level). The privlvl = 15
A-V pair is ignored by the Brocade Virtual ADX.

If the TACACS+ server has no A-V pair configured for the Exec service, the default privilege level of 5
(read-only) is used.

Configuring command authorization

When TACACS+ command authorization is enabled, the Brocade Virtual ADX consults a TACACS+
server to get authorization for commands entered by the user.

You enable TACACS+ command authorization by specifying a privilege level whose commands
require authorization. For example, to configure the Brocade Virtual ADX to perform authorization
for the commands available at the Super User privilege level (that is, all commands on the device),
enter the following command.

Virtual ADX(config)#aaa authorization commands 0 default tacacs+

Syntax: aaa authorization commands privilege-level default tacacs+ | radius | none

The privilege-level variable can be one of the following:

0 – Authorization is performed for commands available at the Super User level (all commands)

4 – Authorization is performed for commands available at the Port Configuration level
(port-config and read-only commands)

5 – Authorization is performed for commands available at the Read Only level (read-only
commands)

NOTE

TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console. No authorization is performed for commands entered at the Web
Management Interface.

TACACS+ command authorization is not performed for the following commands:

At all levels: exit, logout, end, and quit.

At the Privileged EXEC level: enable or enable text, where text is the password configured for
the Super User privilege level.

If configured, command accounting is performed for these commands.
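The coverage rules in this section can be checked against a configuration and a list of commands. The following Python sketch is an added example, not part of the Brocade guide: the source labels, the `console_aaa` flag (standing in for the separate console configuration step) and the sample commands with their assigned levels are assumptions made for illustration.

```python
import re

# Syntax from the page: aaa authorization commands privilege-level default tacacs+ | radius | none
AAA_RE = re.compile(
    r"^\s*aaa authorization commands (0|4|5) default (tacacs\+|radius|none)\s*$", re.M)
EXEMPT_ALL_LEVELS = {"exit", "logout", "end", "quit"}

def parse_policy(config_text):
    """Return (privilege_level, method) from a config dump, or None if the line is absent."""
    m = AAA_RE.search(config_text)
    return (int(m.group(1)), m.group(2)) if m else None

def server_consulted(policy, command, cmd_level, source,
                     privileged_exec=False, console_aaa=False):
    """True if the command would be sent to the AAA server for authorization.

    cmd_level: 0 = Super User, 4 = Port Configuration, 5 = Read Only.
    source: "telnet", "ssh", "console" or "web" (labels chosen for this example).
    console_aaa: hypothetical flag for the separate console configuration step.
    """
    if policy is None or policy[1] == "none":
        return False
    level, _method = policy
    if source == "web":                      # Web Management Interface is never authorized
        return False
    if source == "console" and not console_aaa:
        return False
    words = command.split()
    if not words or words[0] in EXEMPT_ALL_LEVELS:
        return False
    if words[0] == "enable" and privileged_exec:
        return False
    # Level 0 covers every command, 4 covers port-config + read-only, 5 read-only only.
    return cmd_level >= level

def uncovered(policy, events, console_aaa=False):
    """Return the (command, source) pairs that run without a server decision."""
    return [(cmd, src) for cmd, lvl, src in events
            if not server_consulted(policy, cmd, lvl, src, console_aaa=console_aaa)]

# Constructed sample data: the level assigned to each command is illustrative.
SAMPLE_CONFIG = "aaa authorization commands 4 default tacacs+\n"
SAMPLE_EVENTS = [("show version", 5, "ssh"), ("write memory", 0, "ssh"),
                 ("show version", 5, "web"), ("show version", 5, "console"),
                 ("exit", 5, "telnet")]

if __name__ == "__main__":
    for cmd, src in uncovered(parse_policy(SAMPLE_CONFIG), SAMPLE_EVENTS):
        print(f"no authorization: {cmd!r} via {src}")
```

With the privilege level set to 4, the Super User command in the sample is never sent to the server, which is why the guide's own example uses level 0.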

Command authorization and accounting for console commands

The Brocade Virtual ADX supports command authorization and command accounting for CLI
commands entered at the console. To configure the device to perform command authorization and
command accounting for console commands, enter the following.

user=bob {
    default service = permit
    member admin
    #Global password
    global = cleartext "cat"
    service = exec {
        -privlvl = 4
        privlvl = 15
    }
}
