aaa authorization

Unanswered Question
Apr 22nd, 2007

hello. why aaa authorization is used? i saw example like this :

aaa authorization network tacacs+ none

aaa authorization connection tacacs+ if-authenticated

aaa authorization exec tacacs+ if-authenticated

aaa authorization command 1 tacacs+ if-authenticated

aaa authorization command 15 tacacs+ if-authenticated


is there benefits from using this? i only use the aaa authentication and wonder why someone used authorization. tx.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
royalblues Mon, 04/23/2007 - 00:17

Friend,


With authorization you have control over the privilege levels assigned to users.


you may require a certain group of people to have only read rights and another group having full rights (priv level 15)which can be done with the help of autorization in AAA


HTH

Narayan

jemekeren Mon, 04/23/2007 - 01:36

tx royalblues, i want to know how the logic between router and aaa server. Do we need to configure command level and the exec shell to the user at the ACS too? so for example at the server we enter something like "for user X has able to execute show version and reload". btw how to configure access-list to the user so he only authorized only to access specified subnet and time-restriction access. do you have example to figuring out? please helps from you. tx :)

Actions

This Discussion