Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

The following conguration example applies a method list other than default to each VTY line.

NOTE: Note that the methods were not applied to the console so the default methods (if congured) are applied there.

!

line console 0

exec-timeout 0 0

line vty 0

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 1

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 2

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 3

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 4

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 5

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 6

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 7

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 8

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

line vty 9

login authentication ucraaa

authorization exec ucraaa

accounting commands role netadmin ucraaa

!

Conguring TACACS+ and RADIUS VSA Attributes for RBAC

For RBAC and privilege levels, the Dell EMC Networking OS RADIUS and TACACS+ implementation supports two vendor-specic options:

privilege level and roles. The Dell EMC Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled

“Force10-avpair”. The value is a string in the following format:

protocol : attribute sep value

“attribute” and “value” are an attribute-value (AV) pair dened in the Dell EMC Networking OS TACACS+ specication, and “sep” is “=”.

These attributes allow the full set of features available for TACACS+ authorization and are authorized with the same attributes for RADIUS.

Example for Conguring a VSA Attribute for a Privilege Level 15

The following example congures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have

access to EXEC commands.

Security

811