DELL N3000 User Manual

Configuring Authentication, Authorization, and Accounting

profiles and per-command authorization are configured for a user, any 

command must be permitted by both the administrative profiles and by per-

command authorization.

Apply the following configuration to use RADIUS for authorization, such that 

a user can enter privileged exec mode directly:

aaa authorization exec “rad” radius

line telnet

authorization exec rad

exit

Configure the RADIUS server so that the RADIUS attribute Service Type (6) 

is sent with value Administrative. Any value other than Administrative is 

interpreted as privilege level 1. 
The following describes each line in the above configuration:

• The aaa authorization exec “rad” radius command creates an exec 

authorization method list called “rad” that contains the method radius.

• The 

authorization exec rad command assigns the rad exec authorization 

method list to be used for users accessing the switch via Telnet.

• If the privilege level is zero (that is, blocked), then authorization will fail 

and the user will be denied access to the switch.

• If the privilege level is higher than one, the user will be placed directly in 

Privileged EXEC mode. Note that all commands in Privileged EXEC mode 

require privilege level 15, so assigning a user a lower privilege level will be 

of no value.

• A privilege level greater than 15 is invalid and treated as if privilege level 

zero had been supplied.