Administrator Guide

ManualsBrandsDell ManualsserversDell Force10 MXL Blade

701

702

703

704

705

706

707

708

709

710

Dell(conf)#do show role mode configure line

Role access:sysadmin

Example: Grant and Remove Security Administrator Access to Congure Protocols

By default, the system dened role, secadmin, is not allowed to congure protocols. The following example rst grants the

secadmin role to congure protocols and then removes access to congure protocols.

Dell(conf)#role configure addrole secadmin protocol

Dell(conf)#role configure deleterole secadmin protocol

Example: Resets Only the Security Administrator role to its original setting.

The following example resets only the secadmin role to its original setting.

Dell(conf)#no role configure addrole secadmin protocol

Example: Reset System-Dened Roles and Roles that Inherit Permissions

In the following example the command protocol permissions are reset to their original setting or one or more of the system-dened

roles and any roles that inherited permissions from them.

Dell(conf)#role configure reset protocol

Adding and Deleting Users from a Role

To create a user name that is authenticated based on a user role, use the username name password encryption-type password

role role-name command in CONFIGURATION mode.

Example

The following example creates a user name that is authenticated based on a user role.

Dell (conf) #username john password 0 password role secadmin

The following example deletes a user role.

NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a

privilege

Dell (conf) #no username john

The following example adds a user, to the secadmin user role.

Dell (conf)#username john role secadmin password 0 password

AAA Authentication and Authorization for Roles

This section describes how to congure AAA Authentication and Authorization for Roles.

Conguration Task List for AAA Authentication and Authorization for Roles

This section contains the following AAA Authentication and Authorization for Roles conguration tasks:

• Conguring AAA Authentication for Roles

• Conguring AAA Authorization for Roles

• Conguring TACACS+ and RADIUS VSA Attributes for RBAC

Congure AAA Authentication for Roles

Authentication services verify the user ID and password combination. Users with dened roles and users with privileges are

authenticated with the same mechanism. There are six methods available for authentication: radius, tacacs+, local, enable, line, and

none.

When role-based only AAA authorization is enabled, the enable, line, and none methods are not available. Each of these three

methods allows users to be veried with either a password that is not specic to their user ID or with no password at all. Because of

706

Security