Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring TACACS/TACACS+ security
26
If the foundry-privlvl A-V pair is not present, the device extracts the last A-V pair configured for the
Exec service that has a numeric value. The device uses this A-V pair to determine the user privilege
level.
Example
user=bob {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        priv-lvl = 15
    }
}
The attribute name in the A-V pair is not significant; the device uses the last one that has a numeric
value. However, the device interprets the value for a non-“foundry-privlvl” A-V pair differently than it
does for a “foundry-privlvl” A-V pair. The following table lists how the device associates a value from
a non-“foundry-privlvl” A-V pair with a privilege level.
In the example above, the A-V pair configured for the Exec service is priv-lvl = 15. The device
uses the value in this A-V pair to set the user privilege level to 0 (super-user), granting the user full
read-write access.
In a configuration that has both a “foundry-privlvl” A-V pair and a non-“foundry-privlvl” A-V pair for
the Exec service, the non-“foundry-privlvl” A-V pair is ignored.
Example
user=bob {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        foundry-privlvl = 4
        priv-lvl = 15
    }
}
In this example, the user would be granted a privilege level of 4 (port-config level). The
priv-lvl = 15 A-V pair is ignored by the device.
If the TACACS+ server has no A-V pair configured for the Exec service, the default privilege level of 5
(read-only) is used.
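The resolution rules above and the mapping in Table 138 can be checked against a server configuration before it is deployed. The following Python sketch is an added example, not code from the guide or the device; the function names, the regular expressions and the sample stanzas (including the idletime pair) are constructed for illustration.

```python
import re

SUPER_USER, PORT_CONFIG, READ_ONLY = 0, 4, 5
EXEC_BLOCK = re.compile(r"service\s*=\s*exec\s*\{(.*?)\}", re.S)
AV_PAIR = re.compile(r'^[ \t]*([\w-]+)[ \t]*=[ \t]*"?([^"\s]+)"?[ \t]*$', re.M)

def exec_av_pairs(stanza):
    """Return the Exec service's (attribute, value) pairs in configured order."""
    block = EXEC_BLOCK.search(stanza)
    return AV_PAIR.findall(block.group(1)) if block else []

def map_generic(value):
    """Table 138: non-"foundry-privlvl" value -> device privilege level."""
    if value == 15:
        return SUPER_USER
    if 1 <= value <= 14:
        return PORT_CONFIG
    return READ_ONLY  # 0 or any other number

def effective_privilege(stanza):
    """Privilege level the device would assign for a user stanza."""
    # Assumption: "numeric" means an optionally signed decimal integer.
    numeric = [(a, int(v)) for a, v in exec_av_pairs(stanza)
               if re.fullmatch(r"-?\d+", v)]
    for attr, value in numeric:
        if attr == "foundry-privlvl":
            # Assumption: the value is used unchanged (the guide shows 4 -> 4);
            # a non-numeric foundry-privlvl is not covered by the guide.
            return value
    if numeric:
        return map_generic(numeric[-1][1])  # attribute name is not significant
    return READ_ONLY  # no A-V pair configured for the Exec service

def stanza(*lines):
    """Build a constructed user stanza around the given Exec A-V lines."""
    body = "\n".join("        " + line for line in lines)
    return "user=bob {\n    service = exec {\n" + body + "\n    }\n}"

# Constructed inputs: the guide's two examples plus two audit cases.
SAMPLES = {
    "guide example 1": stanza("priv-lvl = 15"),
    "guide example 2": stanza("foundry-privlvl = 4", "priv-lvl = 15"),
    "unrelated numeric pair last": stanza("priv-lvl = 1", "idletime = 15"),
    "no Exec service": "user=bob {\n}",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: level {effective_privilege(text)}")
```

The third sample shows the case worth auditing for: because the attribute name is ignored, an unrelated numeric pair placed last in the Exec service decides the privilege level.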
Configuring command authorization
When TACACS+ command authorization is enabled, the device consults a TACACS+ server to get
authorization for commands entered by the user.
TABLE 138 Dell equivalents for non-“foundry-privlvl” A-V pair values

Value for non-“foundry-privlvl” A-V pair    Dell privilege level
15                                          0 (super-user)
From 14 – 1                                 4 (port-config)
Any other number or 0                       5 (read-only)