New Contributor
Posts: 3
Registered: ‎12-12-2016
Accepted Solution

Privilege 4 Port Change question

ICX 7250 with 8.03, I set up a username with privilege 4 but they still cannot change port VLAN membership. Any ideas? I've tried via CLI and Web.

Thanks

Brocade Moderator
Posts: 238
Registered: ‎06-30-2010

Re: Privilege 4 Port Change question

Hi,

Have you also configured aaa to authenticate user for super-user access?

Perhaps you could supply your user and aaa configuration?

Should pretty much only need the following for this to work

aaa authentication enable default local
username test privilege 4 password .....

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
New Contributor
Posts: 3
Registered: ‎12-12-2016

Re: Privilege 4 Port Change question


Hi, I did try changing as you suggested because I had it set to "none" instead of "local" but it did not help.

I was reading some more posts and my problem may be privilege 4 will not let you change VLAN membership. I hope that is not true but it appears this way. In any event, here is the info you asked for:

aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
aaa authentication login privilege-mode
enable aaa console
username helpdesk privilege 4 xxxxxx
local-userdb con

Here is what happens when I try to access VLAN configuration:

Switch#conf t
Switch(config)#vlan 10
Invalid input -> vlan 10
Type ? for a list
Switch(config)#

Thank you

Brocade Moderator
Posts: 238
Registered: ‎06-30-2010

Re: Privilege 4 Port Change question

Hi,

Unfortunately, as you have suggested, a port-config (4) user only has access to physical interface configurations. If you type ? from config mode when logged in with that user you will see the following:

telnet@ICX-2(config)#
end          End Configuration level and go to Privileged level
exit         Exit current level
interface    Port commands
no           Undo/disable commands
quit         Exit to User level
show         Show system information
<cr>

The only way you will be able to achieve what you are suggesting (allow user restricted access to vlan configuration) would be to implement something like TACACS+ with command authorisation.

Hope this answers your question

Regards

Mick
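
The difference between the fixed privilege 4 command set and per-command authorisation, as an added example that is not part of the original thread or Brocade's software: a Python model of first-match, default-deny command rules such as a TACACS+ server can apply. The rule patterns for the `helpdesk` account, the protected VLAN 1, the sample port 1/1/5 and all function names are assumptions made for illustration.

```python
import re

# Config-mode keywords the thread's "?" output shows for the privilege 4 user.
PRIV4_KEYWORDS = {"end", "exit", "interface", "no", "quit", "show"}

# Constructed rule list for the helpdesk account: first match wins, default deny.
HELPDESK_RULES = [
    ("deny",   r"no\s+vlan\b.*"),             # may not delete VLANs
    ("deny",   r"vlan\s+1"),                  # assumption: VLAN 1 is off limits
    ("permit", r"configure\s+terminal"),
    ("permit", r"vlan\s+[0-9]+"),
    ("permit", r"(no\s+)?(tagged|untagged)\s+ethernet\s+\S+"),  # port membership
    ("permit", r"interface\s+ethernet\s+\S+"),
    ("permit", r"show\b.*|end|exit|quit"),
]

def normalise(command):
    """Collapse whitespace and case; abbreviations (conf t) are not expanded."""
    return " ".join(command.lower().split())

def priv4_allows(command):
    """Fixed privilege level: decided by the leading keyword only."""
    words = normalise(command).split()
    if words and words[0] == "no":
        words = words[1:]          # assumption: "no X" is as available as X
    return bool(words) and words[0] in PRIV4_KEYWORDS

def authorize(command, rules=HELPDESK_RULES):
    """Per-command authorisation: the first rule matching the whole command decides."""
    cmd = normalise(command)
    for action, pattern in rules:
        if re.fullmatch(pattern, cmd):
            return action == "permit"
    return False                   # nothing matched: deny

def compare(commands):
    """Return (command, privilege-4 result, rule-based result) per command."""
    return [(c, priv4_allows(c), authorize(c)) for c in commands]

if __name__ == "__main__":
    sample = ["vlan 10", "untagged ethernet 1/1/5", "no vlan 10", "vlan 1",
              "interface ethernet 1/1/5", "aaa authentication login default local"]
    for cmd, lvl4, rule in compare(sample):
        print(f"{cmd:45} priv4={lvl4!s:5} rules={rule}")
```

The explicit deny rules sit above the broader `vlan` permit, so rule order is part of the policy and should be reviewed with it.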

