Dell PC7024, PC7024F, PC7024P, PC7048, PC7048P, PC7048R, PC7048R-RA Vendor-Specific Option

200 Using the CLI

User Access Control

In addition to authenticating a user, the CLI also assigns the user access to

one of two security levels. Level 1 has read-only access. This level allow the

user to read information but not configure the switch. The access to this level

cannot be modified. Level 15 is the special access level assigned to the

superuser of the switch. This level has full access to all functions within the

switch and can not be modified.

If the user account is created and maintained locally, each user is given an

access level at the time of account creation. If the user is authenticated

through remote authentication servers, the authentication server is

configured to pass the user access level to the CLI when the user is

authenticated. When Radius is used, the

Vendor-Specific Option

field

returns the access level for the user. Two vendor specific options are

supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA

(user-group=x). TACACS+ provides the appropriate level of access.

The following rules and specifications apply:

• The user determines whether remote authentication servers or locally

defined user authentication accounts are used.

• If authentication servers are used, the user can identify at least two remote

servers (the user may choose to configure only one server) and what

protocol to use with the server, TACACS+ or Radius. One of the servers is

primary and the other is the secondary server (the user is not required to

specify a secondary server). If the primary server fails to respond in a

configurable time period, the CLI automatically a ttempts to authenticate

the user with the secondary server.

• The user i s able to s pecify w hat happe ns when b oth prima ry and se condary

servers fail to respond. In this case, the user is able to indic ate that the CLI

Dell Vendor-Specific Option