TACACs levels on NXOS, + minor AAA config equivalents?

Unanswered Question
May 1st, 2009

When you log into a NXOS box, you appear to get the highest role your account has provisioned- there doesn't seem to be the 'exec/enable' dichotomy that our users are familiar (and comfortable with).

Is there a way to make the NXOS boxes have you come in as a network-operator, and then force another login to network-admin? With increased attention being paid to changes at a network level, sometimes it's nice to have that forced reminder that you need to escalate your privliges.

There are a few commands that exist in our legacy configurations that don't port well to the NXOS boxes as well-

aaa authentication username-prompt

aaa authentication fail-message

aaa accounting-commands xxxx start-stop xxx

Maybe start-stop is a relic now and pertains more to dialup accounting- but it's one of those magic configs that's made it into our standard and I hate to change it now. Customized login and fail-messages were nice, though.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion