Configuring TACACS+

Step 2
Command or Action: [no] role name priv-n
Example:
switch(config)# role name priv-5
switch(config-role)#
Purpose: Enables or disables a privilege role and enters role configuration mode. The n argument specifies the privilege level and is a number between 0 and 13.

Step 3
Command or Action: rule number {deny | permit} command command-string
Example:
switch(config-role)# rule 2 permit command pwd
Purpose: Configures a command rule for users of privilege roles. These rules permit or deny users to execute specific commands. You can configure up to 256 rules for each role. The rule number determines the order in which the rules are applied. Rules are applied in descending order. For example, if a role has three rules, rule 3 is applied before rule 2, which is applied before rule 1. The command-string argument can contain spaces.
Note: Repeat this command for as many rules as needed.

Step 4
Command or Action: exit
Example:
switch(config-role)# exit
switch(config)#
Purpose: Exits role configuration mode.

Step 5
Command or Action: (Optional) copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose: Copies the running configuration to the startup configuration.

Related Topics
Configuring Privilege Level Support for Authorization on TACACS+ Servers, on page 94
Creating User Roles and Rules, on page 162

Manually Monitoring TACACS+ Servers or Groups
You can manually issue a test message to a TACACS+ server or to a server group.
Before you begin
Enable TACACS+.
SUMMARY STEPS
1. test aaa server tacacs+ {ipv4-address | ipv6-address | hostname} [vrf vrf-name] username password
2. test aaa group group-name username password

Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
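As an added illustration that is not part of the Cisco guide, the following Python model captures the rule semantics described in Steps 2 and 3 of the privilege-role procedure: privilege levels 0 to 13, at most 256 rules per role, and rules evaluated in descending number order. It assumes first-match semantics and that a command-string matches a command that begins with it; both are modeling assumptions, not statements from the guide. The shadowed() check flags a lower-numbered deny that a higher-numbered permit makes unreachable, which is the ordering pitfall to review before deploying a role.

```python
from dataclasses import dataclass, field
MAX_RULES_PER_ROLE = 256      # per-role limit stated in the guide
PRIV_LEVELS = range(0, 14)    # priv-0 through priv-13

@dataclass
class Rule:
    number: int
    action: str   # "permit" or "deny"
    command: str  # command-string; may contain spaces, e.g. "show running-config"

@dataclass
class PrivRole:
    level: int
    rules: dict = field(default_factory=dict)  # rule number -> Rule

    def __post_init__(self):
        if self.level not in PRIV_LEVELS:
            raise ValueError(f"privilege level must be 0-13, got {self.level}")

    def add_rule(self, number, action, command):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if number not in self.rules and len(self.rules) >= MAX_RULES_PER_ROLE:
            raise ValueError("a role holds at most 256 rules")
        self.rules[number] = Rule(number, action, command)  # re-entering a number replaces it

    def _covers(self, rule, command):
        # Modeling assumption: a rule matches when its command-string equals the
        # entered command or is a leading word sequence of it.
        return command == rule.command or command.startswith(rule.command + " ")

    def evaluate(self, entered):
        # Rules are applied in descending order (rule 3 before rule 2 before rule 1);
        # the first matching rule decides (assumption). None means no rule matched.
        for number in sorted(self.rules, reverse=True):
            if self._covers(self.rules[number], entered):
                return self.rules[number].action
        return None

    def shadowed(self):
        # (low, high) pairs: rule `low` never decides because higher-numbered rule
        # `high` matches every command `low` matches and is evaluated first.
        return sorted((lo.number, hi.number)
                      for lo in self.rules.values() for hi in self.rules.values()
                      if hi.number > lo.number and self._covers(hi, lo.command))

    def to_cli(self):
        # Emits the configuration in the form shown in Steps 2 to 4 of the guide.
        body = [f"  rule {n} {r.action} command {r.command}" for n, r in sorted(self.rules.items())]
        return [f"role name priv-{self.level}", *body, "  exit"]
```

With constructed rules 1 deny "show running-config", 2 permit "pwd", 3 permit "show", evaluate("show running-config") returns "permit" and shadowed() returns [(1, 3)]: the deny in rule 1 is never reached.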