Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
51525354555657585960
40 ServerIron ADX Administration Guide
53-1002434-01
Configuring access control
1
Enhancing access privileges
You can augment the default access privileges for an access level. When you configure a user
account, you can give the account one of three privilege levels: full access, port-configuration
access, and read-only access. Each privilege level provides access to specific areas of the CLI by
default:
Full access provides access to all commands and displays.
Port-configuration access gives access to:
The User EXEC and Privileged EXEC levels, and the port-specific parts of the CONFIG level
All interface configuration levels
Read-only access gives access to:
The User EXEC and Privileged EXEC levels
To enhance the port-configuration privilege level so users also can enter ip commands at the global
CONFIG level (useful for adding IP addresses for multinetting), enter a command such as the
following.
ServerIronADX(config)#privilege configure level 4 ip
This command specifies that the enhanced access is for a command at the global CONFIG level of
the CLI. The level 4 parameter indicates that the enhanced access is for privilege level 4
(port-configuration). All users with port-configuration privileges will have the enhanced access. The
ip parameter indicates that the enhanced access is for the IP commands. Users who log in with
valid port-configuration level user names and passwords can enter commands that begin with “ip”
at the global CONFIG level.
Syntax: [no] privilege <cli-level> level <privilege-level> <command-string>
The <cli-level> parameter specifies the CLI level and can be one of the following values:
exec – EXEC level; for example, ServerIronADX> or ServerIronADX#
configure – CONFIG level; for example, ServerIronADX(config)#
interface – interface level; for example, ServerIronADX(config-if-6)#
port-vlan – port-based VLAN level; for example, ServerIronADX(config-vlan)#
protocol-vlan – protocol-based VLAN level; for example, ServerIronADX(config-vlan)#
The <privilege-level> parameter indicates the privilege level you are augmenting.
The level parameter specifies the privilege-level. You can specify one of the following:
0 – Full access (super-user)
4 – Port-configuration access
5 – Read-only access
The <command-string> parameter specifies the command you are allowing users with the
specified privilege level to enter. To display a list of the commands at a CLI level, enter “?” at that
level's command prompt and press Return.