Manualshelf

Administrator Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000
731732733734735736737738739740
Example for Configuring a VSA Attribute for a Privilege Level 15
The following example configures an AV pair which allows a user to login from a network access server
with a privilege level of 15, to have access to EXEC commands.
The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl=<number> where
number is a value between 0 and 15.
Force10-avpair= ”shell:priv-lvl=15
Example for Creating a AVP Pair for System Defined or User-Defined Role
The following section shows you how to create an AV pair to allow a user to login from a network access
server to have access to commands based on the user’s role. The format to create an AV pair for a user
role is Force10-avpair= ”shell:role=<user-role>“ where user-role is a user defined or system-
defined role.
In the following example, you create an AV pair for a system-defined role, sysadmin.
Force10-avpair= "shell:role=sysadmin"
In the following example, you create an AV pair for a user-defined role. You must also define a role, using
the userrole myrole inherit command on the switch to associate it with this AV pair.
Force10-avpair= ”shell:role=myrole“
The string, “myrole”, is associated with a TACACS+ user group. The user IDs are associated with the user
group.
Role Accounting
This section describes how to configure role accounting and how to display active sessions for roles.
This sections consists of the following topics:
Configuring AAA Accounting for Roles
Applying an Accounting Method to a Role
Displaying Active Accounting Sessions for Roles
Configuring AAA Accounting for Roles
To configure AAA accounting for roles, use the aaa accounting command in CONFIGURATION mode.
aaa accounting {system | exec | commands {level | role role-name}} {name |
default} {start-stop | wait-start | stop-only} {tacacs+}
Example of Configuring AAA Accounting for Roles
The following example shows you how to configure AAA accounting to monitor commands executed by
the users who have a secadmin user role.
Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+
736
Security