User guide

172 ExtremeWare 7.2e Installation and User Guide
Security
In PROFILE2, a user associated with this profile can use any enable command, the clear counters command and the show management command, but can perform no other functions on the switch. We also know from the users file that gerald has these capabilities.
The following lists the contents of the file users with support for per-command authentication:
user Password = ""
    Filter-Id = "unlim"
admin Password = "", Service-Type = Administrative
    Filter-Id = "unlim"
eric Password = "", Service-Type = Administrative, Profile-Name = ""
    Filter-Id = "unlim"
    Extreme:Extreme-CLI-Authorization = Enabled
albert Password = "", Service-Type = Administrative, Profile-Name = "Profile1"
    Filter-Id = "unlim"
    Extreme:Extreme-CLI-Authorization = Enabled
lulu Password = "", Service-Type = Administrative, Profile-Name = "Profile1"
    Filter-Id = "unlim"
    Extreme:Extreme-CLI-Authorization = Enabled
gerald Password = "", Service-Type = Administrative, Profile-Name = "Profile2"
    Filter-Id = "unlim"
    Extreme:Extreme-CLI-Authorization = Enabled
Contents of the file profiles:
PROFILE1 deny
{
    enable *, disable ipforwarding
    show switch
}
PROFILE2
{
    enable *, clear counters
    show management
}
PROFILE3 deny
{
    create vlan *, configure iproute *, disable *, show fdb
    delete *, configure rip add
}
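To audit what each account can actually do, the two files can be evaluated offline. The sketch below is an added example, not ExtremeWare or RADIUS server code. It assumes that a profile marked deny permits everything except its listed commands, that * matches any remaining text, that other entries match exactly, and that profile names compare case-insensitively; parse_profiles and may_run are hypothetical helper names.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the profiles file shown above, embedded as text.
PROFILES_TEXT = """
PROFILE1 deny
{
enable *, disable ipforwarding
show switch
}
PROFILE2
{
enable *, clear counters
show management
}
PROFILE3 deny
{
create vlan *, configure iproute *, disable *, show fdb
delete *, configure rip add
}
"""

# Profile-Name values taken from the users file shown above.
USER_PROFILE = {"albert": "Profile1", "lulu": "Profile1", "gerald": "Profile2"}


def parse_profiles(text):
    """Return {PROFILE_NAME: (is_deny, [command patterns])}."""
    profiles = {}
    for name, mode, body in re.findall(r"(\w+)[ \t]*(deny)?\s*\{([^}]*)\}", text):
        # Entries are separated by commas or newlines; collapse inner whitespace.
        patterns = [" ".join(p.split()) for p in re.split(r"[,\n]", body) if p.strip()]
        profiles[name.upper()] = (mode == "deny", patterns)
    return profiles


def may_run(profiles, user, command):
    """True if the user's profile permits the command."""
    # Assumption: profile names compare case-insensitively (Profile1 vs PROFILE1).
    is_deny, patterns = profiles[USER_PROFILE[user].upper()]
    cmd = " ".join(command.lower().split())
    # Assumption: '*' matches any remaining text; other entries match exactly.
    listed = any(fnmatchcase(cmd, p.lower()) for p in patterns)
    # Allow list: permitted only if listed. Deny list (assumed): only if not listed.
    return listed != is_deny


if __name__ == "__main__":
    table = parse_profiles(PROFILES_TEXT)
    for user, cmd in [("gerald", "show management"), ("gerald", "show switch"),
                      ("albert", "show switch"), ("albert", "create vlan v1")]:
        print(f"{user:7} {cmd:16} -> {'permit' if may_run(table, user, cmd) else 'deny'}")
```

Running every account against a list of sensitive commands this way shows quickly whether a deny-style profile leaves more permitted than intended, since anything not listed in it passes.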
Configuring TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS
client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are