
Read Only access for a user

Posted: 23 Feb 2011 04:05
by ferryc
Hi guys,

I did a search on the read-only topic but had no luck, so I would really appreciate your help here.

I wanted to know what the methods are for creating a user login with read-only access (show configuration snapshot, show vlan port, show interfaces port, that kind of thing). Could I use a TACACS server, or must it be a local user created on the switch?

Are there any exec (shell) commands on the Alcatel OmniSwitch 6850? I am using these commands on Cisco IOS switches for read-only access (show run only) for a user created on the TACACS server with privilege 15:

aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated

thanks!!

Re: Read Only access for a user

Posted: 25 Feb 2011 11:53
by silvio
Try this:
> user test-user password test-pw read-only all

With the following command you can say where the user is to be found; it depends on the access method (http, telnet ...):
> aaa authentication ?
> aaa authentication telnet ?
local means the local database (user table), etc.

You have to create the authentication server (e.g. RADIUS or TACACS) beforehand:
> aaa radius-server "rad1" host 192.168.100.1 key testkey ....

Please read the docs; you can find all the info there.
Silvio

Re: Read Only access for a user

Posted: 22 Mar 2011 23:55
by ferryc
Hi Silvio,

Thanks for the reply, but it is still not working. I have these 2 TACACS servers configured on my switch.

aaa tacacs+-server "tacacs" host xx.xx.xx.xx key "xxx" port 49 timeout 10
aaa tacacs+-server "tacacs2" host xx.xx.xx.xx key "xxx" port 49 timeout 10
aaa authentication default "tacacs" "tacacs2" "local"
aaa authentication console "tacacs" "tacacs2" "local"
aaa authentication telnet "tacacs" "tacacs2" "local"

I have created a local user for read-only access and local aaa authentication for telnet, but I can't log in with that newly created user. It says Authentication Failed. Any more ideas, guys? Please help.

thank you very much!

Re: Read Only access for a user

Posted: 23 Mar 2011 03:45
by benny
You'll have to give read-write access for telnet, otherwise you can't log in.

Benny

Re: Read Only access for a user

Posted: 24 Mar 2011 00:36
by ferryc
Hi Benny,

Thanks for the reply, but can you elaborate more on read-write access for telnet?

One thing I found out is that when the switch's aaa authentication (for this example, telnet) is using the TACACS server, any local username gets Authentication Failed. When I remove the TACACS server from the switch, I am able to log in with my read-only user from the local user database. The command to create the read-only user is correct, but how do we combine TACACS and the local database for aaa authentication telnet?

Thanks!
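As an added example that is not part of the original thread: when a switch reports "Authentication Failed" for a user while a server list is configured, it helps to ask the TACACS+ server directly whether it accepts that user, because a reject from the server and a server that never answers are different outcomes and a switch's server list treats them differently. The script below is a minimal TACACS+ (RFC 8907) PAP authentication client written for this purpose; it is not OmniSwitch or Cisco code. The host, key, username and password in it are placeholders to be replaced with the values from the switch's `aaa tacacs+-server` line, and the packet it builds is a single authentication START followed by one REPLY.

```python
"""Minimal TACACS+ (RFC 8907) PAP authentication test client.

Added example, not part of the original forum thread. It sends one
authentication START and decodes the REPLY, so a server-side reject
(FAIL) can be told apart from a server that does not answer at all.
Host, port, key and credentials are assumed placeholders.
"""
import hashlib
import os
import socket
import struct

TAC_PLUS_AUTHEN = 0x01           # packet type: authentication
TAC_PLUS_AUTHEN_LOGIN = 0x01     # action: login
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02  # username/password in one packet
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
VERSION_PAP = 0xC1               # major 0xC, minor 1 (required for PAP)
STATUS_NAMES = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER",
                5: "GETPASS", 6: "RESTART", 7: "ERROR", 0x21: "FOLLOW"}


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 keystream that TACACS+ XORs over the packet body.

    Block n = MD5(session_id || key || version || seq_no || block n-1).
    This is obfuscation, not authenticated encryption: a strong shared
    key and a protected management path are what actually guard the
    password on the wire.
    """
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user: str, password: str, key: bytes, session_id: int,
                       priv_lvl: int = 1, port: str = "tty0",
                       rem_addr: str = "127.0.0.1") -> bytes:
    """Authentication START packet (seq_no 1) carrying a PAP username/password."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), password.encode()
    body = struct.pack("!BBBBBBBB", TAC_PLUS_AUTHEN_LOGIN, priv_lvl,
                       TAC_PLUS_AUTHEN_TYPE_PAP, TAC_PLUS_AUTHEN_SVC_LOGIN,
                       len(u), len(p), len(r), len(d)) + u + p + r + d
    header = struct.pack("!BBBBII", VERSION_PAP, TAC_PLUS_AUTHEN, 1, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, VERSION_PAP, 1)


def parse_authen_reply(packet: bytes, key: bytes) -> dict:
    """Decode an authentication REPLY into its status name and server message."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if ptype != TAC_PLUS_AUTHEN or len(packet) != 12 + length:
        raise ValueError("not a complete TACACS+ authentication packet")
    body = packet[12:]
    if not flags & 0x01:  # TAC_PLUS_UNENCRYPTED_FLAG clear: body is obfuscated
        body = obfuscate(body, session_id, key, version, seq_no)
    status, _rflags, msg_len, _data_len = struct.unpack("!BBHH", body[:6])
    server_msg = body[6:6 + msg_len].decode(errors="replace")
    return {"status": STATUS_NAMES.get(status, hex(status)),
            "server_msg": server_msg, "seq_no": seq_no}


def tacacs_pap_auth(host: str, key: bytes, user: str, password: str,
                    port: int = 49, timeout: float = 5.0) -> dict:
    """One START/REPLY exchange. UNREACHABLE/NO_REPLY mean the server never answered."""
    session_id = struct.unpack("!I", os.urandom(4))[0]
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_authen_start(user, password, key, session_id))
            header = s.recv(12)
            if len(header) < 12:
                return {"status": "NO_REPLY", "server_msg": "", "seq_no": 0}
            length = struct.unpack("!I", header[8:12])[0]
            body = b""
            while len(body) < length:
                chunk = s.recv(length - len(body))
                if not chunk:
                    return {"status": "NO_REPLY", "server_msg": "", "seq_no": 0}
                body += chunk
            return parse_authen_reply(header + body, key)
    except OSError as exc:  # refused, timed out, unroutable
        return {"status": "UNREACHABLE", "server_msg": str(exc), "seq_no": 0}


if __name__ == "__main__":
    # Placeholder server, key and credentials: replace with the switch's values.
    print(tacacs_pap_auth("192.0.2.10", b"xxx", "test-user", "test-pw"))
```

A PASS means the server knows the user and the switch-side method list or user attributes are where to look next; a FAIL means the server itself rejects the user, which is the case for a user that exists only in the switch's local database; UNREACHABLE or NO_REPLY means the server is not answering, which is the only condition under which a "next server" entry in a list is normally consulted.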