Netgear M5300-28G3 (GSM7328Sv2h2) - ProSAFE 24+4 Gigabit Ethernet L3 Managed Stackable Switch Administrator Guide
Security Management
Managed Switches
Authorization
Authorization determines if a user is authorized to perform certain activities, including user
EXEC command authorization and privileged EXEC command authorization.
Command Authorization
TACACS+ servers support command authorization. The RADIUS protocol does not support
command authorization, but you can use a vendor-specific attribute (VSA) with attribute value
(AV) pair 26 to download a list of commands that are permitted or denied for a user. This list
of commands is downloaded from the RADIUS server. When a user executes a command,
the command is validated against the downloaded command list for the user. Any change in a
user command authorization access list takes effect after the user has logged out and logged in
again.
The vendor-specific attribute netgear-cmdAuth is defined as follows:
VENDOR netgear 4526
ATTRIBUTE netgear-cmdAuth 1 string netgear
Specify the command in the following format.
netgear-cmdAuth = "deny:spanning-tree;interface *",
Note:
The command string in the vendor attribute cannot be longer than
64 bytes. RADIUS-based command authorization supports a maximum
of 50 commands.
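The following added example (not part of the Netgear guide) is a pre-deployment check for netgear-cmdAuth values: it enforces the 64-byte and 50-command limits stated above and shows how one value is carried as a RADIUS Vendor-Specific attribute. Assumptions: the `permit` keyword, the 50-command limit applying across all netgear-cmdAuth values of one user, and the RFC 2865 recommended sub-attribute layout; the function names are hypothetical.

```python
import struct

VENDOR_ID = 4526        # "VENDOR netgear 4526" from the guide
CMDAUTH_TYPE = 1        # "ATTRIBUTE netgear-cmdAuth 1 string"
MAX_VALUE_BYTES = 64    # per-string limit stated in the guide
MAX_COMMANDS = 50       # limit stated in the guide (assumed to be per user)
ACTIONS = {"deny", "permit"}  # "deny" is in the guide; "permit" is an assumption


def parse_cmdauth(value):
    """Split 'action:cmd1;cmd2' into (action, [commands]); raise on bad input."""
    if len(value.encode("ascii")) > MAX_VALUE_BYTES:
        raise ValueError(f"value exceeds {MAX_VALUE_BYTES} bytes: {value!r}")
    action, sep, body = value.partition(":")
    if not sep or action not in ACTIONS:
        raise ValueError(f"missing or unknown action in {value!r}")
    commands = [c.strip() for c in body.split(";")]
    if not all(commands):
        raise ValueError(f"empty command in {value!r}")
    return action, commands


def check_user(values):
    """Validate all netgear-cmdAuth values of one user; return total commands."""
    total = sum(len(parse_cmdauth(v)[1]) for v in values)
    if total > MAX_COMMANDS:
        raise ValueError(f"{total} commands exceeds limit of {MAX_COMMANDS}")
    return total


def encode_vsa(value):
    """Encode one value as RADIUS attribute 26 (Vendor-Specific, RFC 2865)."""
    parse_cmdauth(value)  # refuse to encode a value the limits would reject
    data = value.encode("ascii")
    # Sub-attribute: vendor type, vendor length (header included), string data.
    sub = struct.pack("!BB", CMDAUTH_TYPE, 2 + len(data)) + data
    # Outer attribute: type 26, total length, 4-byte vendor ID, sub-attribute.
    return struct.pack("!BBI", 26, 6 + len(sub), VENDOR_ID) + sub


if __name__ == "__main__":
    sample = "deny:spanning-tree;interface *"  # value shown in the guide
    print(parse_cmdauth(sample), check_user([sample]), encode_vsa(sample).hex())
```
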
Note:
You can use both a TACACS+ server and a RADIUS server for
command authorization. If the first method of command authorization
returns an error, the second method is used for command
authorization.