aaa authorization

Unanswered Question
Apr 22nd, 2007
User Badges:

hello. why aaa authorization is used? i saw example like this :

aaa authorization network tacacs+ none

aaa authorization connection tacacs+ if-authenticated

aaa authorization exec tacacs+ if-authenticated

aaa authorization command 1 tacacs+ if-authenticated

aaa authorization command 15 tacacs+ if-authenticated

is there benefits from using this? i only use the aaa authentication and wonder why someone used authorization. tx.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
royalblues Mon, 04/23/2007 - 00:17
User Badges:
  • Green, 3000 points or more


With authorization you have control over the privilege levels assigned to users.

you may require a certain group of people to have only read rights and another group having full rights (priv level 15)which can be done with the help of autorization in AAA



jemekeren Mon, 04/23/2007 - 01:36
User Badges:

tx royalblues, i want to know how the logic between router and aaa server. Do we need to configure command level and the exec shell to the user at the ACS too? so for example at the server we enter something like "for user X has able to execute show version and reload". btw how to configure access-list to the user so he only authorized only to access specified subnet and time-restriction access. do you have example to figuring out? please helps from you. tx :)


This Discussion