Manualshelf

Service Manual

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
661662663664665666667668669670
If you do not, the following error is displayed when you attempt to enable role-based only AAA authorization.
% Error: Exec authorization must be applied to more than one line to be useful, e.g.
console and vty lines. Could use default authorization method list as alternative.
5. Verify the conguration has been applied to the console or VTY line.
Dell (conf)#do show running-config line
!
line console 0
login authentication test
authorization exec test
exec-timeout 0 0
line vty 0
login authentication test
authorization exec test
line vty 1
login authentication test
authorization exec test
To enable role-based only AAA authorization:
Dell(conf)#aaa authorization role-only
System-Dened RBAC User Roles
By default, the Dell Networking OS provides 4 system dened user roles. You can create up to 8 additional user roles.
NOTE: You cannot delete any system dened roles.
The system dened user roles are as follows:
Network Operator (netoperator) - This user role has no privilege to modify any conguration on the switch. You can access Exec
mode (monitoring) to view the current conguration and status information.
Network Administrator (netadmin): This user role can congure, display, and debug the network operations on the switch. You
can access all of the commands that are available from the network operator user role. This role does not have access to the
commands that are available to the system security administrator for cryptography operations, AAA, or the commands reserved
solely for the system administrator.
Security Administrator (secadmin): This user role can control the security policy across the systems that are within a domain or
network topology. The security administrator commands include FIPS mode enablement, password policies, inactivity timeouts,
banner establishment, and cryptographic key operations for secure access paths.
System Administrator (sysadmin). This role has full access to all the commands in the system, exclusive access to commands
that manipulate the le system formatting, and access to the system shell. This role can also create user IDs and user roles.
The following summarizes the modes that the predened user roles can access.
Role Modes
netoperator
netadmin Exec Cong Interface Router IP Route-map Protocol MAC
secadmin Exec Cong Line
sysadmin Exec Cong Interface Line Router IP Route-map Protocol MAC
User Roles
This section describes how to create a new user role and congure command permissions and contains the following topics.
Creating a New User Role
668
Security