In the following example the command protocol permissions are reset to their original setting or one or more of the system-dened roles
and any roles that inherited permissions from them.
Dell(conf)#role configure reset protocol
Adding and Deleting Users from a Role
To create a user name that is authenticated based on a user role, use the username name password encryption-type password role
role-name command in CONFIGURATION mode.
Example
The following example creates a user name that is authenticated based on a user role.
Dell (conf) #username john password 0 password role secadmin
The following example deletes a user role.
NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a privilege
Dell (conf) #no username john
The following example adds a user, to the secadmin user role.
Dell (conf)#username john role secadmin password 0 password
AAA Authentication and Authorization for Roles
This section describes how to congure AAA Authentication and Authorization for Roles.
Conguration Task List for AAA Authentication and Authorization for Roles
This section contains the following AAA Authentication and Authorization for Roles conguration tasks:
• Conguring AAA Authentication for Roles
• Conguring AAA Authorization for Roles
• Conguring TACACS+ and RADIUS VSA Attributes for RBAC
Congure AAA Authentication for Roles
Authentication services verify the user ID and password combination. Users with dened roles and users with privileges are authenticated
with the same mechanism. There are six methods available for authentication: radius, tacacs+, local, enable, line, and none.
When role-based only AAA authorization is enabled, the enable, line, and none methods are not available. Each of these three methods
allows users to be veried with either a password that is not specic to their user ID or with no password at all. Because of the lack of
security these methods are not available for role only mode. When the system is in role-only mode, users that have only privilege levels are
denied access to the system because they do not have a role. For information about role only mode, see Conguring Role-based Only AAA
Authorization.
NOTE
: Authentication services only validate the user ID and password combination. To determine which commands are permitted
for users, congure authorization. For information about how to congure authorization for roles, see Congure AAA
Authorization for Roles.
To congure AAA authentication, use the aaa authentication command in CONFIGURATION mode.
aaa authentication login {method-list-name | default} method [… method4]
Security
731
To Next Page
Loading...
