Reference Guide

exec-timeout 0 0
line vty 0
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 1
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 2
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 3
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 4
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 5
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 6
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 7
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 8
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 9
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
!
Configuring TACACS+ and RADIUS VSA Attributes for RBAC
For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific
options: privilege level and roles. The Dell Networking vendor-ID is 6027, and the supported option is a string-type
attribute named Force10-avpair. The value is a string in the following format:
protocol : attribute sep value
attribute and value are an attribute-value (AV) pair defined in the Dell Networking OS TACACS+ specification, and sep is =.
These attributes allow the full set of features available for TACACS+ authorization, and RADIUS authorization uses the
same attributes.
Example for Configuring a VSA Attribute for a Privilege Level 15
The following example configures an AV pair that allows a user to log in from a network access server with a privilege level of
15 and have access to EXEC commands.
The format to create a Dell Networking OS AV pair for privilege level is shell:priv-lvl=<number>, where number is a value
between 0 and 15.
Force10-avpair= shell:priv-lvl=15
Example for Creating an AV Pair for System Defined or User-Defined Role
The following section shows you how to create an AV pair that allows a user to log in from a network access server and have
access to commands based on the user's role. The format to create an AV pair for a user role is
Force10-avpair= shell:role=<user-role>, where user-role is a user-defined or system-defined role.
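The following is an added example, not part of the Dell guide: a Python check that audits Force10-avpair values exported from a RADIUS or TACACS+ server against the format described above. The function names, the user entries, and the known-role list passed in are assumptions made for illustration.

```python
import re

# Value format from the guide: protocol : attribute sep value, where sep is "="
AVPAIR_RE = re.compile(r"^\s*([^:=\s]+)\s*:\s*([^=\s]+)\s*=\s*(\S+)\s*$")

def parse_avpair(text):
    """Split a Force10-avpair value into (protocol, attribute, value)."""
    match = AVPAIR_RE.match(text)
    if match is None:
        raise ValueError(f"not in protocol:attribute=value form: {text!r}")
    return match.groups()

def check_avpair(text, known_roles):
    """Return findings for one AV pair; an empty list means nothing to review."""
    try:
        protocol, attribute, value = parse_avpair(text)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if protocol != "shell":  # assumption: the guide's examples only use "shell"
        findings.append(f"unexpected protocol {protocol!r}")
    if attribute == "priv-lvl":
        if not re.fullmatch(r"[0-9]{1,2}", value) or int(value) > 15:
            findings.append(f"priv-lvl {value!r} is outside 0-15")
        elif int(value) == 15:
            findings.append("grants privilege level 15; confirm it is intended")
    elif attribute == "role":
        if value not in known_roles:
            findings.append(f"role {value!r} is not in the known role list")
    else:
        findings.append(f"unsupported attribute {attribute!r}")
    return findings

def audit(entries, known_roles):
    """Map each user to its findings, keeping only users that have any."""
    results = {user: check_avpair(av, known_roles) for user, av in entries.items()}
    return {user: found for user, found in results.items() if found}

# Constructed sample entries (hypothetical users, not from the guide)
SAMPLE_ENTRIES = {
    "alice": "shell:priv-lvl=15",
    "bob": "shell:role=netadmin",
    "carol": "shell:priv-lvl=16",
    "dave": "shell role=netadmin",
}
```

Calling audit(SAMPLE_ENTRIES, {"netadmin"}) reports alice (level 15 granted), carol (level out of range) and dave (missing the : separator), and passes bob.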