55
rolename ]
Obtaining temporary user role authorization
AUX or VTY users must pass authentication before they can use a user role that is not included in
the user account they are logged in with.
Perform the following task in user view:
Obtain
authorization to use a
user role.
super
[ rolename ]
If you do not specify the rolename
argument, you
obtain the default target user role for temporary user
role authorization.
The operation fails after three consecutive
unsuccessful password attempts.
The user role must have the permission to execute the
super
command to obtain temporary us
authorization.
Displaying RBAC settings
Execute display commands in any view.
Display user role information.
display role
[
name
role-name ]
Display user role feature
information.
display role feature
[
name
feature-name |
verbose
]
Display user role feature group
information.
display role feature-group
[
name
feature-group-name
]
[
verbose
]
RBAC configuration examples
RBAC configuration example for local AAA authentication
users
Network requirements
As shown in Figure 19, the switch performs local AAA authentication for the Telnet user at
192.168.1.58. The user account for the Telnet user is user1@bbb and is assigned the user role
role1.
Configure role1 to have the following permissions:
Can execute the read commands of any feature.
Cannot configure any VLANs except VLANs 10 to 20.
To Next Page
Loading...
