Kentrox AI296 User Manual

Page 267

Advertising
background image

AI296 Version 9.8x User’s Guide

AI296 Commands: aaa

9-9

profile

Associates a custom profile with a privilege level or range of privilege
levels. The following rules apply:

z

TACACS+ privilege levels range from 0 to 15.

z

Custom profiles can be associated with privilege levels 2 through
14.

z

Privilege levels 2 through 14 default to the management system
profile.

z

Privilege levels 0, 1, and 15 are reserved for the Status,
Management, and Supervisor system profiles (respectively).



Note: For information on creating custom profiles, refer to command

profile on page 9-76

.

Privilege levels are used only if the authorization method is set to

priv-lvl

. The only exception to this occurs under all of the following

conditions:
1. The authentication server returns a privilege level.

2. The authorization server cannot be reached.

3. The authorization is set to per-command and fallback is enabled.



Note: For information on configuring the authorization method, refer

to command

aaa author

.

The following parameters are accepted:

z

default

—Removes the association between a range of privilege

levels and a profile.

z

priv_range

—Defines the range of privilege levels that will be

associated with the profile. Individual values are separated by
commas (,) and hyphens (-). For example,

1,4-6

specifies privilege

levels 1, 4, 5, and 6.

z

profile_name

—Specifies the name of an existing profile.

retry

Configures the number of consecutive connection attempts that are
made to a TACACS+ server before the attempt fails. Consecutive
attempts are only made if the TACACS+ server responds but refuses a
connection. If no response is received from a TACACS+ server before
the configured timeout period, then no further connection attempts are
made. For information on configuring the timeout period, refer to
command

aaa on page 9-6

.

The following parameters are accepted:

z

retry_count

—Defines the number of consecutive connection

attempts that are made. Valid values are 1 to 100.

z

default

—Resets the number of connection attempts to the default

value.

Advertising
Popular Brands
Popular manuals