Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

1501

Version Description

9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, MXL.

Usage

Information

Instead of using the system defined user roles, you can create a new user role that best matches your

organization. When you create a new user role, you first inherit permissions from one of the system

defined roles. Otherwise you would have to create a user role from scratch. You then restrict commands

or add commands to that role. For information about this topic, See Modifying Command Permissions for

Roles.

NOTE: You can change user role permissions on system pre-defined user roles or user-defined user

roles.

Important Points to Remember

Consider the following when creating a user role:

● Only the system administrator and user-defined roles inherited from the system administrator can

create roles and usernames. Only the system administrator, security administrator, and roles inherited

from these can use the role command to modify command permissions. The security administrator

and roles inherited by security administrator can only modify permissions for commands they already

have access to.

● Make sure you select the correct role you want to inherit.

NOTE: If you inherit a user role, you cannot modify or delete the inheritance. If you want to change

or remove the inheritance, delete the user role and create it again. If the user role is in use, you

cannot delete the user role.

AAA Accounting Commands

AAA Accounting enables tracking of services that users are accessing and the amount of network resources being consumed by

those services. When you enable AAA Accounting, the network server reports user activity to the TACACS+ security server in

the form of accounting records. Each accounting record is comprised of accounting AV pairs and is stored on the access control

server.

As with authentication and authorization, you must configure AAA Accounting by defining a named list of accounting methods,

and then applying that list to various interfaces.

aaa accounting

Enable AAA Accounting and create a record for monitoring the accounting function.

C9000 Series

Syntax

aaa accounting {commands {level | role role-name | dot1x | exec | rest |

suppress | system} {name | default} {start-stop | wait-start | stop-only}

{radius | tacacs+}

To disable AAA Accounting, use the no aaa accounting {commands {level | role role-

name | dot1x | exec | rest | suppress | system} {name | default} {start-

stop | wait-start | stop-only} {radius | tacacs+} command.

Parameters

system Enter the keyword system to send accounting information of any other AAA

configuration.

exec Enter the keyword exec to send accounting information when a user has logged in

to EXEC mode.

dot1x Enter the keyword dot1x to send accounting information when a dot1x user has

logged in.

Security 1507