• Not enough TCAM resource available.
• Access-Reject from RADIUS.
• User role VSA is sent along with invalid attributes.
• RADIUS not reachable.
• VLAN configured on the user role does not exist.
• Captive Portal profile does not exist.
• User policy configured on the user role does not exist.
• Reauthentication period is enabled (nonzero) in the user role for LMA.
• Captive Portal profile is included in the user role for LMA.
name <NAME-STR>
Creates or modifies a user-role. The role name identifies the user-role. Adding a user-role creates a new
context, whose prompt is named “user-role”: (user-role)#.
Usage
Switch# aaa authorization user-role enable
Switch# aaa authorization user-role disable
Switch# aaa authorization user-role name <ROLE1>
Switch# [no] aaa authorization user-role enable
Switch# [no] aaa authorization user-role name <ROLE1>
Switch# aaa authorization user-role initial-role <ROLE1>
Switch# aaa authorization user-role name <MYUSERROLE> policy <MYUSERPOLICY>
Switch# aaa authorization user-role name <MYUSERROLE> captive-portal-profile <MYCAPTPORTPROFILE>
Switch# aaa authorization user-role name <MYUSERROLE> vlan-id <VID>
Switch# aaa authorization user-role name <MYUSERROLE> reauth-period <0-999999999>
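The conditions listed above that depend only on the role definition (a VLAN, user policy or Captive Portal profile that does not exist, and a nonzero reauthentication period or a Captive Portal profile on a role used for LMA) can be checked offline before a role is configured. The Python below is an added example, not vendor code: it parses the one-line command forms shown under Usage. The sets of existing VLANs, policies, profiles and LMA roles are assumptions supplied by the caller, and every name in the sample is constructed.

```python
import re

# One-line forms shown under Usage; a leading "Switch# " prompt is tolerated.
ROLE_LINE = re.compile(
    r"^\s*(?:\S+#\s*)?aaa authorization user-role name (\S+) "
    r"(policy|captive-portal-profile|vlan-id|reauth-period) (\S+)\s*$")

def parse_roles(config_text):
    """Return {role: {attribute: value}} from one-line user-role commands."""
    roles = {}
    for line in config_text.splitlines():
        m = ROLE_LINE.match(line)
        if m:
            role, attr, value = m.groups()
            roles.setdefault(role, {})[attr] = value
    return roles

def lint_roles(roles, vlans, policies, cp_profiles, lma_roles):
    """Return sorted (role, problem) pairs; the four sets come from the caller."""
    findings = []
    for role, attrs in roles.items():
        # (attribute, names known to exist on the switch, label for the finding)
        for attr, known, label in (("vlan-id", vlans, "VLAN"),
                                   ("policy", policies, "user policy"),
                                   ("captive-portal-profile", cp_profiles,
                                    "captive portal profile")):
            value = attrs.get(attr)
            if value is not None and value not in known:
                findings.append((role, f"{label} {value} does not exist"))
        if role in lma_roles:
            reauth = attrs.get("reauth-period", "0")
            if not reauth.isdigit() or int(reauth) != 0:
                findings.append((role, f"reauth-period {reauth} is nonzero on an LMA role"))
            if "captive-portal-profile" in attrs:
                findings.append((role, "captive portal profile set on an LMA role"))
    return sorted(findings)

# Constructed sample input: role, policy and profile names are made up.
SAMPLE_CONFIG = """\
Switch# aaa authorization user-role name GUEST policy GUEST-POLICY
Switch# aaa authorization user-role name GUEST captive-portal-profile GUEST-CP
Switch# aaa authorization user-role name GUEST vlan-id 20
aaa authorization user-role name PRINTER vlan-id 30
aaa authorization user-role name PRINTER reauth-period 3600
aaa authorization user-role name PRINTER policy PRINTER-POLICY
"""

if __name__ == "__main__":
    for role, problem in lint_roles(parse_roles(SAMPLE_CONFIG), {"10", "20"},
                                    {"GUEST-POLICY"}, {"GUEST-CP"}, {"PRINTER"}):
        print(f"{role}: {problem}")
```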
Error log
| Scenario | Error Message |
|---|---|
| If the user tries to delete a user-role configured as the initial role | User role <INITIAL_ROLE_NAME> is configured as the initial role and cannot be deleted. |
| If the user attempts to configure more than the number of administrator configured roles | #aaa authorization user-role name roleNumber33. No more user roles can be created. |
Chapter 23 Local user roles 443