56
Ste
Command
Remarks
2. Enter user line view or use
line class view.
• Enter user line view:
line { first-num1 [ last-num1 ] |
{ aux | vty } first-num2
[ last-num2 ] }
• Enter user line class view:
line class { aux | vty }
For information about the priority
order and application scope of the
configurations in user line view and
user line class view, see "Logging in to
the CLI"
3. Specify a user role on the
user line.
user-role role-name
Repeat this step to specify up to 64
user roles on a user line.
By default, network-admin is specified
on the AUX user line, and
network-operator is specified on any
other user line.
The device does not assign the
security-audit user role to the users
who are logged in to the device
through the current user line.
Configuring temporary user role authorization
Temporary user role authorization allows you to obtain another user role without reconnecting to the
device. This feature is useful when you want to use a user role temporarily to configure a feature.
Temporary user role authorization is effective only on the current login. This function does not change the
user role settings in the user account that you have been logged in with. The next time you are logged in
with the user account, the original user role settings take effect.
Configuration guidelines
When you configure temporary user role authorization, follow these guidelines:
• To enable users to obtain another user roles without reconnecting to the device, you must configure
user role authentication. Table 10 de
scribes the available authentication modes and configuration
requirements.
• If HWTACACS authentication is used, the following rules apply:
{ The device uses the entered username and password to request role authentication, and it sends
the username to the server in the format username or username@domain-name. Whether the
domain name is included in the username depends on the user-name-format command in the
HWTACACS scheme.
{ To obtain a level-n user role, the user account on the server must have the target user role level
or a user role level higher than the target user role. A user account that obtains the level-n user
role can obtain any user roles among level 0 through level-n.
{ To obtain a non-level-n user role, make sure the user account on the server meets the following
requirements:
− The account has a user privilege level.
− The HWTACACS custom attribute is configured for the account in the form of
allowed-roles="role". The variable role represents the target user role.
• If RADIUS authentication is used, the following rules apply:
To Next Page
Loading...
Need help?
General
