Technical data

BLADE OS 5.1 Application Guide
Chapter 1: Accessing the Switch BMD00136, November 2009
Authorization
Authorization is the action of determining a user's privileges on the device, and usually takes place
after authentication.

The default mapping between TACACS+ authorization levels and Blade OS management access
levels is shown in Table 4. The authorization levels must be defined on the TACACS+ server.

Table 4 Default TACACS+ Authorization Levels
Blade OS User Access Level    TACACS+ level
user                          0
oper                          3
admin                         6

Alternate mapping between TACACS+ authorization levels and Blade OS management access
levels is shown in Table 5. Use the following command to set the alternate TACACS+ authorization
levels.

RS G8000 (config)# tacacs-server privilege-mapping

Table 5 Alternate TACACS+ Authorization Levels
Blade OS User Access Level    TACACS+ level
user                          0 - 1
oper                          6 - 8
admin                         14 - 15

If the remote user is successfully authenticated by the authentication server, the switch
verifies the privileges of the remote user and authorizes the appropriate access. The administrator
has an option to allow secure backdoor access via Telnet/SSH. Secure backdoor provides switch
access when the TACACS+ servers cannot be reached. You can always access the switch via the
console port, by using notacacs and the administrator password, whether secure backdoor is
enabled or not.

Note – To obtain the TACACS+ backdoor password for your G8000, contact
Technical Support.
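
The two mappings in Table 4 and Table 5 assign different access to the same TACACS+ level (level 6 is admin by default but oper under the alternate mapping), so it is worth checking server-side accounts before enabling `tacacs-server privilege-mapping`. The following is an added example, not part of the original guide: it compares each account's access under both tables. The account names and the "unmapped" label are assumptions, since the guide does not say how the switch treats a level listed in neither table.

```python
# Added example: level ranges copied from Table 4 and Table 5 on this page.
DEFAULT_MAP = {"user": range(0, 1), "oper": range(3, 4), "admin": range(6, 7)}
ALTERNATE_MAP = {"user": range(0, 2), "oper": range(6, 9), "admin": range(14, 16)}

# Ordering used to decide whether access went up or down.
# "unmapped" is this example's own label (assumption): the page does not say
# what the switch does with a level that appears in neither table.
RANK = {"unmapped": 0, "user": 1, "oper": 2, "admin": 3}


def access_level(priv_lvl, mapping):
    """Return the Blade OS access level a TACACS+ level maps to."""
    if not 0 <= priv_lvl <= 15:  # TACACS+ privilege levels run from 0 to 15
        raise ValueError(f"privilege level out of range: {priv_lvl}")
    for name, levels in mapping.items():
        if priv_lvl in levels:
            return name
    return "unmapped"


def audit_mapping_change(users):
    """Compare each account's access under the default and alternate mapping.

    users: {account_name: TACACS+ level defined on the server}
    Returns a sorted list of (account, level, before, after, verdict).
    """
    findings = []
    for account, lvl in sorted(users.items()):
        before = access_level(lvl, DEFAULT_MAP)
        after = access_level(lvl, ALTERNATE_MAP)
        if RANK[after] > RANK[before]:
            verdict = "raised"
        elif RANK[after] < RANK[before]:
            verdict = "lowered"
        else:
            verdict = "unchanged"
        findings.append((account, lvl, before, after, verdict))
    return findings


# Constructed sample accounts and levels, not taken from any real server.
SAMPLE_USERS = {"alice": 6, "bob": 3, "carol": 15, "dave": 0, "erin": 1}

if __name__ == "__main__":
    for row in audit_mapping_change(SAMPLE_USERS):
        print("{:<6} level {:>2}: {:<8} -> {:<8} {}".format(*row))
```

Rows marked "raised" or "lowered" are the accounts whose level on the TACACS+ server should be reviewed before the mapping is changed.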