
Cisco Nexus 9000 Series - Configuring Privilege Level Support for Authorization on TACACS+ Servers

Cisco Nexus 9000 Series
562 pages
2. terminal no verify-only [username username]
DETAILED STEPS

Step 1
Command or Action: terminal verify-only [username username]
Example:
switch# terminal verify-only
Purpose: Enables command authorization verification. After you enter this command, the Cisco NX-OS software indicates whether the commands you enter are authorized or not.

Step 2
Command or Action: terminal no verify-only [username username]
Example:
switch# terminal no verify-only
Purpose: Disables command authorization verification.

Configuring Privilege Level Support for Authorization on TACACS+ Servers
You can configure privilege level support for authorization on TACACS+ servers.
Unlike Cisco IOS devices, which use privilege levels to determine authorization, Cisco NX-OS devices use
role-based access control (RBAC). To enable both types of devices to be administered by the same TACACS+
servers, you can map the privilege levels configured on TACACS+ servers to user roles configured on Cisco
NX-OS devices.
When a user authenticates with a TACACS+ server, the privilege level is obtained and used to form a local
user role name of the format “priv-n,” where n is the privilege level. The user assumes the permissions of this
local role. Sixteen privilege levels, which map directly to corresponding user roles, are available. The following
table shows the user role permissions that correspond to each privilege level.
Privilege Level    User Role Permissions
15                 network-admin permissions
13 - 1             Standalone role permissions, if the feature privilege command is disabled.
                   Same permissions as privilege level 0 with cumulative privileges for roles,
                   if the feature privilege command is enabled.
0                  Permission to execute show commands and exec commands (such as ping, trace, and ssh).
Note: When the feature privilege command is enabled, privilege roles inherit the permissions of lower level privilege roles.

Note: You must also configure the privilege level for the Cisco NX-OS device on the Cisco Secure Access Control Server (ACS).
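The mapping and inheritance described above, modelled as an added example (not from the Cisco guide) that shows what each priv-n role gains once the feature privilege command is enabled. The permission labels and the priv-5 and priv-10 assignments are constructed, and the example assumes levels 1 through 14 all behave as intermediate roles, while the table lists 13 - 1.

```python
NETWORK_ADMIN = "network-admin"

# Constructed sample: permission labels attached to individual priv-n roles.
# priv-0 follows the table above; the priv-5 and priv-10 entries are invented.
SAMPLE_RULES = {
    0: {"show commands", "exec commands"},
    5: {"interface configuration"},
    10: {"vlan configuration"},
}

def role_name(priv_lvl):
    """Local role name formed from the TACACS+ privilege level."""
    if isinstance(priv_lvl, bool) or not isinstance(priv_lvl, int):
        raise ValueError("privilege level must be an integer")
    if not 0 <= priv_lvl <= 15:
        raise ValueError("privilege level must be between 0 and 15")
    return f"priv-{priv_lvl}"

def effective_permissions(priv_lvl, rules, feature_privilege):
    """Permissions a user at priv_lvl ends up with on the device."""
    role_name(priv_lvl)  # validates the level
    if priv_lvl == 15:
        return {NETWORK_ADMIN}
    own = set(rules.get(priv_lvl, ()))
    if priv_lvl == 0 or not feature_privilege:
        return own  # standalone role: only its own rules apply
    inherited = set()
    for lower in range(priv_lvl):  # priv-0 .. priv-(n-1)
        inherited |= set(rules.get(lower, ()))
    return own | inherited

def gained_by_enabling(priv_lvl, rules):
    """Permissions a level picks up when feature privilege is turned on."""
    return (effective_permissions(priv_lvl, rules, True)
            - effective_permissions(priv_lvl, rules, False))

if __name__ == "__main__":
    for lvl in (0, 5, 10, 15):
        print(role_name(lvl), sorted(gained_by_enabling(lvl, SAMPLE_RULES)))
```

Running the comparison before enabling the feature shows which TACACS+ privilege levels would silently widen, which is the review to do when a server is shared with Cisco IOS devices.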
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring TACACS+