DELL N3000 User Manual

Configuring Authentication, Authorization, and Accounting
TACACS+ Authorization Example—Custom Administrative Profile
This example creates a custom administrative profile that allows the user to 
control user access to the switch but permits access only to AAA-related 
commands. Use the following commands to create the administrative profile:
admin-profile aaa
rule 99 permit command "^show aaa .*"
rule 98 permit command "^show authentication .*"
rule 97 permit command "^show authorization .*"
rule 96 permit command "^show accounting .*"
rule 95 permit command "^show tacacs .*"
rule 94 permit command "^aaa .*"
rule 93 permit command "^line .*"
rule 92 permit command "^login .*"
rule 91 permit command "^authorization .*"
rule 90 permit command "^accounting .*"
rule 89 permit command "^configure .*"
rule 88 permit command "^password .*"
rule 87 permit command "^username .*"
rule 86 permit command "^show user.*"
rule 85 permit command "^radius-server .*"
rule 84 permit command "^tacacs-server .*"
rule 83 permit mode radius-auth-config
rule 82 permit mode radius-acct-config
rule 81 permit mode tacacs-config
exit
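An offline way to audit which command strings the profile's regular expressions admit, as an added example that is not from the Dell manual: it parses the rules above and matches candidate text literally with Python's re module, which is assumed to agree with the switch's POSIX regex library for these simple patterns. The function names and test strings are constructed, and how the switch prepares a command line before matching is not modelled.

```python
import re
# Rules from the page's admin-profile aaa example, typed with straight quotes.
PROFILE = """
rule 99 permit command "^show aaa .*"
rule 98 permit command "^show authentication .*"
rule 97 permit command "^show authorization .*"
rule 96 permit command "^show accounting .*"
rule 95 permit command "^show tacacs .*"
rule 94 permit command "^aaa .*"
rule 93 permit command "^line .*"
rule 92 permit command "^login .*"
rule 91 permit command "^authorization .*"
rule 90 permit command "^accounting .*"
rule 89 permit command "^configure .*"
rule 88 permit command "^password .*"
rule 87 permit command "^username .*"
rule 86 permit command "^show user.*"
rule 85 permit command "^radius-server .*"
rule 84 permit command "^tacacs-server .*"
rule 83 permit mode radius-auth-config
rule 82 permit mode radius-acct-config
rule 81 permit mode tacacs-config
"""
RULE = re.compile(r'rule (\d+) permit (command|mode) (?:"(.*)"|(\S+))')

def parse_profile(text):
    """Split rule lines into [(number, compiled regex)] and a set of mode names."""
    commands, modes = [], set()
    for line in text.strip().splitlines():
        m = RULE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unrecognized rule line: {line!r}")
        number, kind, regex, mode = m.groups()
        if kind == "command":
            commands.append((int(number), re.compile(regex)))
        else:
            modes.add(mode)
    return commands, modes

def matching_rules(command, commands):
    """Rule numbers whose regex matches the text (Python re as a stand-in, assumed)."""
    return sorted(n for n, rx in commands if rx.search(command))

COMMANDS, MODES = parse_profile(PROFILE)
if __name__ == "__main__":
    # Constructed strings for the audit, not verified switch commands.
    for cmd in ("show aaa x", "show aaa", "show userfoo", "show running-config"):
        print(f"{cmd!r:24} rules={matching_rules(cmd, COMMANDS)}")
```

Literal matching shows that "^show user.*", which has no space before ".*", admits any text beginning with "show user", while the other command patterns require a space after the keyword.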
The following describes each line of the admin-profile configuration:
• The admin-profile aaa command creates an administrative profile called 
aaa and places the user in admin-profile-config mode.
• Each rule number permit command regex command allows any 
command that matches the regular expression.
• Each rule number permit mode mode-name command allows all 
commands in the named mode.
• The command rules use regular expressions as implemented by Henry 
Spencer's regex library (the POSIX 1003.2 compliant version). In the 
regular expressions used in this example, the caret (^) matches the null