Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring Switch Authentication Features (Rev. 03)
User Privilege Levels with CLI
© 2008 Foundry Networks, Inc.
key = TacacsPlus
# Use /etc/shadow file to do authentication
default authentication = file /etc/shadow
# Where the accounting records should go to
accounting file = /var/log/tac_acc.log
# The default user. If absent, each user must have a "service=exec"
# statement in order to be granted authorization for shell login request.
user = DEFAULT {
    default service = permit
}
# Profiles for user accounts
# user ivo – priv. level 3 converted internally by the switch
# to 12 (privilege group Users)
user = ivo {
    login = cleartext ivo123
    service=exec
    {
        priv-lvl = 3
    }
}
# user "root" – priv. level 15 converted internally by the switch
# to 0 (privilege group Administrators)
user = root {
    login = cleartext rtpsw
    service=exec
    {
        priv-lvl = 15
    }
}
authentication is an alternative to RADIUS authentication (for more information see
and RADIUS). For more information regarding the contents of a server
configuration file, please refer to the Configuration Examples.
NOTE
Privilege levels in the server configuration file (0-15) are arranged in
ascending order, from 0 for the lowest privilege (Guest level) to 15 for the highest
privilege (an Administrator). The switch automatically maintains compatibility with
its internal privilege scheme by reversing the level received from the configuration
file for the user being authorized, so that it matches the internal scheme.
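The following added example (not part of the Foundry manual) parses the user stanzas of a server configuration file like the one above, computes the level the switch would use internally, and reports the cleartext logins and the permit-by-default entry for review. The 15 - level formula is an assumption inferred from the two conversions the page shows (3 to 12 and 15 to 0); the names audit, internal_level and RISKY are illustrative, and the sample input is constructed.

```python
import re

# Constructed sample mirroring the server configuration file shown above.
SAMPLE = """\
user = DEFAULT {
    default service = permit
}
user = ivo {
    login = cleartext ivo123
    service=exec {
        priv-lvl = 3
    }
}
user = root {
    login = cleartext rtpsw
    service=exec {
        priv-lvl = 15
    }
}
"""

USER_RE = re.compile(r"^\s*user\s*=\s*(\S+)\s*\{")
PRIV_RE = re.compile(r"^\s*priv-lvl\s*=\s*(\d+)")
RISKY = {  # settings a reviewer should look at, keyed by the finding reported
    "cleartext login": re.compile(r"^\s*login\s*=\s*cleartext\b"),
    "default service = permit": re.compile(r"^\s*default\s+service\s*=\s*permit\b"),
}

def internal_level(server_level):
    """Assumed reversal 15 - level; matches 3 -> 12 and 15 -> 0 on the page."""
    if not 0 <= server_level <= 15:
        raise ValueError(f"priv-lvl outside 0-15: {server_level}")
    return 15 - server_level

def audit(config_text):
    """Map each user stanza to its server level, internal level and findings."""
    users, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        if depth == 0 and (m := USER_RE.match(line)):
            current = users.setdefault(m.group(1), {"findings": []})
        if current is not None:
            current["findings"] += [k for k, rx in RISKY.items() if rx.match(line)]
            if p := PRIV_RE.match(line):
                current["server"] = lvl = int(p.group(1))
                current["internal"] = internal_level(lvl)
        depth += line.count("{") - line.count("}")
        current = current if depth > 0 else None
    return users
```

Calling audit(SAMPLE) returns one entry per user; a priv-lvl outside 0-15 raises ValueError instead of being mapped silently.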