Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
791792793794795796797798799800
The format to create a Dell EMC Networking AV pair for privilege level is shell:priv-lvl=<number> where number is a value between
0 and 15.
Force10-avpair= ”shell:priv-lvl=15
Example for Creating a AVP Pair for System Dened or User-Dened Role
The following section shows you how to create an AV pair to allow a user to login from a network access server to have access to
commands based on the user’s role. The format to create an AV pair for a user role is Force10-avpair= ”shell:role=<user-
role>“ where user-role is a user dened or system-dened role.
In the following example, you create an AV pair for a system-dened role, sysadmin.
Force10-avpair= "shell:role=sysadmin"
In the following example, you create an AV pair for a user-dened role. You must also dene a role, using the userrole myrole
inherit
command on the switch to associate it with this AV pair.
Force10-avpair= ”shell:role=myrole“
The string, “myrole, is associated with a TACACS+ user group. The user IDs are associated with the user group.
Role Accounting
This section describes how to congure role accounting and how to display active sessions for roles.
This sections consists of the following topics:
Conguring AAA Accounting for Roles
Applying an Accounting Method to a Role
Displaying Active Accounting Sessions for Roles
Conguring AAA Accounting for Roles
To congure AAA accounting for roles, use the aaa accounting command in CONFIGURATION mode.
aaa accounting {system | exec | commands {level | role role-name}} {name | default} {start-stop
| wait-start | stop-only} {tacacs+}
Example of Conguring AAA Accounting for Roles
The following example shows you how to congure AAA accounting to monitor commands executed by the users who have a secadmin
user role.
DellEMC(conf)#aaa accounting command role secadmin default start-stop tacacs+
Applying an Accounting Method to a Role
To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
accounting {exec | commands {level | role role-name}} method-list
Example of Applying an Accounting Method to a Role
The following example applies the accounting default method to the user role secadmin (security administrator).
DellEMC(conf-vty-0)# accounting commands role secadmin default
796
Security