Net Optics iBypass HD User Manual

34

iBypass HD

AAA Privilege Level

the iBypass HD Privi-

lege Level

priv_map=v,5,9

12

11

10

9

8

7

6

5

4

3

2

1

admin

user

view

Figure 23: Privilege level mapping with lower numbers as View level

If the AAA server does not return an authorization privilege level, the iBypass HD privilege level defaults to view. You

can change the default privilege level on a per server basis with the priv_default argument, setting it to 1 for admin, 2

for user, and 3 for view.

Using AAA server commands

RADIUS and TACACS+ servers are configured using the same commands. The only difference is the argument type,

which is set to rad for a RADIUS server and tac for a TACACS+ server.
To add an AAA server:
1. Type server add type=<rad|tac> admin=enable srvip=120.30.10.1 pw=rad_password priv_map=v,5,9,

replacing the argument values with ones appropriate for your system environment.
The server configuration is made pending.

2. Type server show.

Verify that the server configuration is correct. Note the ID of the server if you want to modify any of its parameters.

(If this is the first AAA server configured, its ID will be 1.)

3. If you want to modify any of the server parameters, use the server mod command.

For example, to change the IP address, type server mod type=<rad|tac> id=1 srvip=120.30.20.2. (An error

message is displayed if the type of server specified does not match the type of the server at that id.)

4. Type server commit.

The server configuration is activated.