DELL N3000 User Manual

Configuring Authentication, Authorization, and Accounting
Authorization Examples
Authorization allows the administrator to control which services a user is 
allowed to access. Some of the things that can be controlled with 
authorization include the user's initial privilege level and which commands 
the user is allowed to execute. When authorization fails, the user is denied 
access to the switch, even though the user has passed authentication.
The following examples assume that the configuration used in the previous 
examples has already been applied.
Local Authorization Example—Direct Login to Privileged EXEC Mode
Apply the following configuration to use the local user database for 
authorization, such that a user can enter privileged EXEC mode directly:
aaa authorization exec "locex" local
line telnet
authorization exec locex
exit
With the users that were previously configured, the guest user will still log 
into user EXEC mode, since the guest user only has privilege level 1 (the 
default). The admin user will be able to log in directly to privileged EXEC 
mode, since that user's privilege level was configured as 15.
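The following Python script is an added example, not part of the Dell manual. It audits a configuration of the kind shown above and reports, for each line, which exec authorization list is applied and which local users would enter privileged EXEC mode directly. The sample configuration is constructed, and its username lines are an assumed form of the users set up in the previous examples.

```python
import re

# Constructed sample in the style of this page. The "username ... privilege N"
# lines are an assumed form of the users set up in the earlier examples.
SAMPLE_CONFIG = """
username guest password ExamplePass1
username admin password ExamplePass2 privilege 15
aaa authorization exec "locex" local
line telnet
authorization exec locex
exit
line ssh
exit
"""

def audit_exec_authorization(config):
    """Map each line to its exec authorization list, methods and direct-privileged users."""
    users, lists, lines, current = {}, {}, {}, None
    for raw in config.splitlines():
        # Manuals often carry typographic quotes; normalise them before parsing.
        text = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if m := re.match(r"username (\S+) ", text):
            level = re.search(r"\bprivilege (\d+)", text)
            users[m[1]] = int(level[1]) if level else 1  # level 1 is the default
        elif m := re.match(r'aaa authorization exec "?([^"\s]+)"? (.+)$', text):
            lists[m[1]] = m[2].split()
        elif m := re.match(r"line (\S+)$", text):
            current = m[1]
            lines[current] = None  # no named list applied yet
        elif current and (m := re.match(r"authorization exec (\S+)$", text)):
            lines[current] = m[1].strip('"')
        elif text == "exit":
            current = None
    report = {}
    for line, name in lines.items():
        methods = lists.get(name, [])
        # Only the local method can be resolved offline: level 15 users enter
        # privileged EXEC directly. A tacacs result depends on the server's priv-lvl.
        direct = sorted(u for u, lvl in users.items() if lvl == 15) if "local" in methods else []
        report[line] = {"list": name, "methods": methods,
                        "undefined_list": name is not None and name not in lists,
                        "direct_priv": direct}
    return report

if __name__ == "__main__":
    for line, info in audit_exec_authorization(SAMPLE_CONFIG).items():
        print(f"line {line}: {info}")
```
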
TACACS+ Authorization Example—Direct Login to Privileged EXEC Mode
Apply the following configuration to use TACACS+ for authorization, such 
that a user can enter privileged EXEC mode directly:
aaa authorization exec "tacex" tacacs
line telnet
authorization exec tacex
exit
Configure the TACACS+ server so that the shell service is enabled and the 
priv-lvl attribute is sent when user authorization is performed. For example:
shell:priv-lvl=15
The following describes each line in the above configuration: