Administrator Guide

Security Commands 902
passes enable authentication, the user is permitted access to all commands.
This is also true if none of the Administrative Profiles provided are configured
on the switch.
RADIUS and TACACS+
The network administrator may configure a custom attribute to be provided
by the server during authentication. The RADIUS and TACACS+
applications process this custom attribute and provide this data to the User
Manager for configuring the user profile.
The custom attribute is defined as:
cisco-av-pair=shell:roles=”roleA roleB …”
Commands in this Section
This section explains the following commands:
admin-profile
Use the admin-profile command in Global Configuration mode to create an
administrative profile. The system-defined administrative profiles cannot be
deleted. When creating a profile, the user is placed into Administrative
Profile Configuration mode.
Use the no form of the command to delete an administrative profile and all
its rules.
Syntax
admin-profile profile-name
no admin-profile profile-name
profile-name—The name of the profile to create or delete. Range: 1 to 16
alphanumeric characters – may also include a hyphen.
admin-profile show admin-profiles
description (Administrative Profile
Configuration)
show admin-profiles brief
rule show cli modes