Server-supplied privilege level

Information

The login privilege-mode setting instructs the switch to accept the authenticating user's command level (manager or operator) as supplied by the authentication server. Manager-level users then skip the login context and proceed directly to the enable context, so a manager-level user does not need to log in twice.

Solution

To allow the switch to accept the privilege level provided by the server, use the following configuration command:

switch(config)# aaa authentication login privilege-mode

To supply a privilege level for a user account on a RADIUS server, specify the "Service-Type" attribute in the user's credentials:
- Service-Type = 6 allows manager-level access
- Service-Type = 7 allows operator-level access
- A user with no Service-Type, or a Service-Type not equal to 6 or 7, is denied access
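
The following is an added example, not part of the original audit item or of any vendor tooling: a small offline check that confirms the privilege-mode command is present in a saved running-config and reports which RADIUS accounts would receive manager access, operator access, or be denied. It assumes a FreeRADIUS-style users file, where Administrative-User and NAS-Prompt-User are the names for Service-Type 6 and 7; the hostname, user names and passwords are constructed.

```python
import re

# Service-Type numbers from RFC 2865, keyed by the names FreeRADIUS uses.
SERVICE_TYPE_NAMES = {"Administrative-User": 6, "NAS-Prompt-User": 7}

# Constructed sample data, not taken from a real switch or server.
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
aaa authentication ssh login radius local
aaa authentication login privilege-mode
"""
SAMPLE_USERS = """\
alice  Cleartext-Password := "constructed"
       Service-Type = Administrative-User
bob    Cleartext-Password := "constructed"
       Service-Type = NAS-Prompt-User
carol  Cleartext-Password := "constructed"
       Service-Type = Framed-User
dave   Cleartext-Password := "constructed"
"""

def privilege_mode_enabled(running_config):
    """True if the config contains the command that accepts the server's level."""
    return any(line.strip() == "aaa authentication login privilege-mode"
               for line in running_config.splitlines())

def access_level(service_type):
    """Access granted for a Service-Type value, following the list above."""
    return {6: "manager", 7: "operator"}.get(service_type, "denied")

def parse_users(users_text):
    """Unindented line starts a user entry; indented lines are its reply items."""
    users, current = {}, None
    for raw in users_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():
            current = raw.split()[0]
            users[current] = None          # no Service-Type seen yet
            continue
        m = re.match(r"\s*Service-Type\s*:?=\s*([\w-]+)", raw)
        if m and current is not None:
            v = m.group(1)
            users[current] = SERVICE_TYPE_NAMES.get(v, int(v) if v.isdigit() else -1)
    return users

def audit(running_config, users_text):
    """Return (privilege-mode enabled?, {user: access level})."""
    levels = {u: access_level(st) for u, st in parse_users(users_text).items()}
    return privilege_mode_enabled(running_config), levels
```

Reviewing the accounts that resolve to "manager" is the useful part of the output: with privilege-mode enabled, those users land in the enable context immediately after a single login.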

To supply a privilege level for a user account on a TACACS server, specify the "Max Privilege" level in the user's credentials:
- Max-privilege = 15 allows manager-level access
- Max-privilege = 0 allows only operator-level access

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2

Plugin: ArubaOS

Control ID: 31097963610546bc3292a8174a937049ae2d0ca116208ee040c0ce61b3d792b0