Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Administrator's Guide
Security Management
Managed Switches
Privileged Exec Command Mode Authorization
Authorization determines if a user is authorized to perform certain activities such as entering
privileged EXEC commands.
When user command authentication succeeds, the user receives access to the user EXEC
mode. You can also provide a user direct access to the privileged EXEC mode by using the
EXEC authorization method.
If the EXEC authorization method uses a TACACS+ authorization server, a separate session
is established with the TACACS+ server to return the authorization attributes.
If the EXEC authorization method uses a RADIUS authorization server, service-type
attribute 6 or Cisco vendor-specific attribute (VSA) “shell:priv-lvl” is used. If the service-type
attribute value is returned as administrator or the Cisco VSA “shell:priv-lvl” is at least
FD_USER_MGR_ADMIN_ACCESS_LEVEL(15), the user receives access to the privileged
EXEC mode.
Because the RADIUS protocol does not support authorization, the privilege level attribute
must be returned with the authentication response. If the service-type attribute is already
present in the RADIUS response packet as administrator, the Cisco VSA “shell:priv-lvl” is
ignored.
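The RADIUS decision described above, as an added example that is not NETGEAR code: it parses the attribute block of an Access-Accept and applies the two rules as this page states them, which is useful for checking which server replies would grant privileged EXEC. Attribute types 6 and 26, Cisco vendor ID 9 and Cisco-AVPair subtype 1 are the standard RADIUS values; the function names are hypothetical, and treating a malformed level as absent is an assumption.

```python
import struct

SERVICE_TYPE, ADMINISTRATIVE = 6, 6    # RFC 2865: attribute type 6, value Administrative
VENDOR_SPECIFIC = 26                   # RFC 2865 Vendor-Specific attribute
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1   # Cisco enterprise number, Cisco-AVPair subtype
ADMIN_LEVEL = 15                       # FD_USER_MGR_ADMIN_ACCESS_LEVEL on this page

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def service_type_attr(value):
    """Encode a Service-Type attribute with a 32-bit value."""
    return attr(SERVICE_TYPE, struct.pack("!I", value))

def cisco_avpair(text):
    """Encode a Cisco-AVPair VSA such as 'shell:priv-lvl=15'."""
    sub = bytes([CISCO_AVPAIR, len(text) + 2]) + text.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def exec_mode(attrs):
    """Return 'privileged' or 'user' for an Access-Accept attribute block."""
    service_type = priv_lvl = None
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, alen = attrs[i], attrs[i + 1]
        value = attrs[i + 2:i + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) > 6:
            vendor, vtype = struct.unpack("!IB", value[:5])
            text = value[6:].decode("ascii", "replace")
            if ((vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR)
                    and text.startswith("shell:priv-lvl=")):
                digits = text.split("=", 1)[1]
                # Assumption: a non-numeric level counts as no level at all.
                priv_lvl = int(digits) if digits.isdigit() else None
        i += alen
    if service_type == ADMINISTRATIVE:   # the VSA is ignored in this case
        return "privileged"
    if priv_lvl is not None and priv_lvl >= ADMIN_LEVEL:
        return "privileged"
    return "user"

# Constructed sample reply: Service-Type Login (1) plus priv-lvl 15.
SAMPLE = service_type_attr(1) + cisco_avpair("shell:priv-lvl=15")
```

Because the level travels in the authentication response, any RADIUS policy that returns Service-Type Administrative or a priv-lvl of 15 to a wider group than intended grants those users privileged EXEC at login.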
CLI Example 1: Configure EXEC Authorization by a TACACS+ Server
The following example shows how to use the CLI to configure command authorization by a
TACACS+ server for a Telnet user and allow the user to access privileged EXEC mode
directly.
1. Change the authentication mode for Telnet users to TACACS.
(Netgear Switch)(Config)#aaa authentication login "networkList" tacacs