Foundry Switch and Router Installation and Configuration Guide
3 - 26
December 2000
Configuring Exec Authorization
When exec authorization is performed, the Foundry device consults a server to determine
the privilege level of the authenticated user. To configure exec authorization on the Foundry device,
enter the following command:
BigIron(config)# aaa authorization exec default
Syntax:
aaa authorization exec default | none
Configuring an Attribute-Value Pair on the Server
During exec authorization, the server sends the Foundry device a response containing an A-
V (Attribute-Value) pair that specifies the privilege level of the user. When it receives the response, the Foundry
device extracts the first A-V pair configured for the Exec service and uses it to determine the user’s privilege level.
To set a user’s privilege level, you configure an A-V pair for the Exec service on the server that specifies
the user’s privilege level. For example:
user=bob {
default service = permit
member admin
# Global password
global = cleartext "cat"
service = exec {
privlvl = 0
}
}
In this example, the first A-V pair configured for the Exec service is
privlvl = 0
, which grants the user full read-
write access. The Attribute name in the A-V pair is not significant. The Value must be an integer (0, 4, or 5) that
indicates the privilege level of the user. When no privilege level is specified, the default privilege level of 5 (read-
only) is used. The A-V pair can also be embedded in the group configuration for the user. See your
documentation for the configuration syntax relevant to your server.
Configuring Command Authorization
When command authorization is enabled, the Foundry device consults a server to get
authorization for commands entered by the user.
You enable command authorization by specifying a privilege level whose commands require
authorization. For example, to configure the Foundry device to perform authorization for the commands available
at the Super User privilege level (that is, all commands on the device), enter the following command:
BigIron(config)# aaa authorization commands 0 default
Syntax:
aaa authorization commands <privilege-level> default | radius | none
The <privilege-level> parameter can be one of the following:
•
0
– Authorization is performed for commands available at the Super User level (all commands)
•
4
– Authorization is performed for commands available at the Port Configuration level (port-config and read-
only commands)
•
5
– Authorization is performed for commands available at the Read Only level (read-only commands)
NOTE:
command authorization is performed only for commands entered from Telnet or SSH
sessions. No authorization is performed for commands entered at the console, the Web management interface,
or IronView.
Summary of Contents for Switch and Router
Page 2: ...December 2000 Copyright 2000 by Foundry Networks Inc ...
Page 26: ...Foundry Switch and Router Installation and Configuration Guide xxvi December 2000 ...
Page 64: ...Foundry Switch and Router Installation and Configuration Guide 2 34 December 2000 ...
Page 162: ...Foundry Switch and Router Installation and Configuration Guide 5 38 December 2000 ...
Page 196: ...Foundry Switch and Router Installation and Configuration Guide 6 34 December 2000 ...
Page 208: ...Foundry Switch and Router Installation and Configuration Guide 7 12 December 2000 ...
Page 236: ...Foundry Switch and Router Installation and Configuration Guide 8 28 December 2000 ...
Page 258: ...Foundry Switch and Router Installation and Configuration Guide 9 22 December 2000 ...
Page 420: ...Foundry Switch and Router Installation and Configuration Guide 13 32 December 2000 ...
Page 442: ...Foundry Switch and Router Installation and Configuration Guide 14 22 December 2000 ...
Page 554: ...Foundry Switch and Router Installation and Configuration Guide 15 112 December 2000 ...
Page 574: ...Foundry Switch and Router Installation and Configuration Guide 16 20 December 2000 ...
Page 626: ...Foundry Switch and Router Installation and Configuration Guide 17 52 December 2000 ...
Page 682: ...Foundry Switch and Router Installation and Configuration Guide 18 56 December 2000 ...
Page 826: ...Foundry Switch and Router Installation and Configuration Guide 20 20 December 2000 ...
Page 994: ...Foundry Switch and Router Installation and Configuration Guide 26 10 December 2000 ...
Page 1004: ...Foundry Switch and Router Installation and Configuration Guide B 6 December 2000 ...
Page 1044: ...Foundry Switch and Router Installation and Configuration Guide C 40 December 2000 ...
Page 1048: ...Foundry Switch and Router Installation and Configuration Guide D 4 December 2000 ...
Page 1070: ...Foundry Switch and Router Installation and Configuration Guide Index 18 December 2000 ...