PurposeCommand or Action
Enables or disables a privilege role and enters role
configuration mode. The n argument specifies the privilege
level and is a number between 0 and 13.
[no] role name priv-n
Example:
switch(config)# role name priv-5
switch(config-role)#
Step 2
Configures a command rule for users of privilege roles.
These rules permit or deny users to execute specific
rule number {deny | permit} command command-string
Example:
Step 3
commands. You can configure up to 256 rules for each role.
switch(config-role)# rule 2 permit command pwd
The rule number determines the order in which the rules
are applied. Rules are applied in descending order. For
example, if a role has three rules, rule 3 is applied before
rule 2, which is applied before rule 1.
The command-string argument can contain spaces.
Repeat this command for as many rules as
needed.
Note
Exits role configuration mode.exit
Example:
Step 4
switch(config-role)# exit
switch(config)#
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 5
switch(config)# copy running-config
startup-config
Related Topics
Configuring Privilege Level Support for Authorization on TACACS+ Servers, on page 94
Creating User Roles and Rules, on page 162
Manually Monitoring TACACS+ Servers or Groups
You can manually issue a test message to a TACACS+ server or to a server group.
Before you begin
Enable TACACS+.
SUMMARY STEPS
1. test aaa server tacacs+ {ipv4-address | ipv6-address | hostname} [vrf vrf-name] username password
2. test aaa group group-name username password
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
97
Configuring TACACS+
Manually Monitoring TACACS+ Servers or Groups
To Next Page
Loading...
