Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Configuring the Default Privilege Level
The default privilege level applies when the AAA server authenticates a user and no privilege level has
been configured for or is available for that user. To set the default privilege level, enter the cnfaaa-priv
command using the following format:
M8850_LA.7.PXM.a > cnfaaa-priv <CISCO_GP|SERVICE_GP|SUPER_GP|GROUP1|ANYUSER|NOUSER_GP|default>
With two exceptions, the available privilege levels are the same as those described in the “Configuring
User Access” section of Chapter 2, “Configuring General Switch Features.” The exceptions are the
NOUSER_GP and default privilege levels, which deny access to all commands. The default value
assigned to the default privilege level is NOUSER_GP.
Note
When the default privilege level is set to NOUSER_GP or default, user access to the switch is blocked
because the user is not allowed to execute any commands.
Configuring the Prompt Override Option
The prompt override option allows you to choose the prompt used during authentication. The switch
prompt is the prompt that the switch displays when an AAA server is not in use. You can override this
selection with an access control server (ACS) prompt supplied by the AAA server. If you choose the
AAA server prompt and the server does not provide a prompt, the switch prompt appears.
The default prompt configuration selects the switch prompt. To change the prompt selection, enter the
cnfaaa-prompt command as follows:
M8850_LA.7.PXM.a > cnfaaa-prompt <switch | acs | default>
The default parameter produces the same result as choosing acs, which selects the AAA server prompt.
Specify switch to select the switch prompt.
Caution
If your installation uses scripts that expect the switch prompt, using the AAA server prompt can make
those scripts inoperable.
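The following pre-change check is an added example, not part of the Cisco guide or Cisco software. It lints a planned batch of cnfaaa-priv and cnfaaa-prompt commands against the keyword lists shown above and flags the lockout condition from the Note and the script-breakage condition from the Caution. The function name lint_aaa_commands, the pattern used to strip a leading CLI prompt, and exact-case keyword matching are assumptions.

```python
import re

# Keyword sets copied from the command syntax shown in this section.
PRIV_LEVELS = {"CISCO_GP", "SERVICE_GP", "SUPER_GP", "GROUP1", "ANYUSER", "NOUSER_GP", "default"}
PROMPT_MODES = {"switch", "acs", "default"}
# Optional leading CLI prompt such as "M8850_LA.7.PXM.a > " (pattern is an assumption).
PROMPT_PREFIX = re.compile(r"^\S+\s*>\s*")


def lint_aaa_commands(text):
    """Return (line_number, severity, message) findings for a planned command batch."""
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        tokens = PROMPT_PREFIX.sub("", raw.strip()).split()
        if not tokens or tokens[0] not in ("cnfaaa-priv", "cnfaaa-prompt"):
            continue  # blank line or a command this check does not cover
        cmd, args = tokens[0], tokens[1:]
        if len(args) != 1:
            findings.append((num, "error", f"{cmd} takes exactly one keyword"))
            continue
        value = args[0]
        if cmd == "cnfaaa-priv":
            if value not in PRIV_LEVELS:
                findings.append((num, "error", f"unknown privilege level {value!r}"))
            elif value in ("NOUSER_GP", "default"):
                findings.append((num, "warn", f"{value} denies all commands to users without a configured level"))
        else:
            if value not in PROMPT_MODES:
                findings.append((num, "error", f"unknown prompt option {value!r}"))
            elif value in ("acs", "default"):
                findings.append((num, "warn", f"{value} selects the AAA server prompt; prompt-matching scripts may fail"))
    return findings


# Constructed sample batch, not taken from a real switch.
SAMPLE = """\
M8850_LA.7.PXM.a > cnfaaa-priv GROUP1
M8850_LA.7.PXM.a > cnfaaa-priv NOUSER_GP
cnfaaa-prompt default
cnfaaa-prompt switch
cnfaaa-priv ADMIN_GP
"""

if __name__ == "__main__":
    for line_no, severity, message in lint_aaa_commands(SAMPLE):
        print(f"line {line_no}: {severity}: {message}")
```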
Configuring User Authentication on the Switch
Cisco MGX Release 5 switches support three different authentication methods for user access. These
methods are described next to the keywords that select them in Table 9-30.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-66
Release 5.1, Part Number OL-6482-01, Rev. A0, January 25, 2005