The aaa authorization command instructs the router to check with the authorization server to verify if the particular user who is logging in has authorization to execute certain commands, or to execute commands at a certain privilege level.
One way to understand it is that the first step is authentication, which deals with the question of verifying who is signing in. Authorization is the next step and deals with the question: now that we know who is signing in, what commands or level of commands should they be able to execute?
Thank you for your reply. I understand the basic authentication and authorization concepts. This command "aaa authorization config-commands" is a special command within command authorization. According to the documentation, the no form of this command will not check for authorization of config commands, while it will check for authorization for all other EXEC level commands.
But it is not very clear to me what exactly it meant. It would be helpful if someone can explain a bit more with an example.
This was the best description of this command I could find on Cisco's site. It sounds to me like if you use the no form of this command you will not be able to use any configuration commands.
If the aaa authorization commands level method command is enabled, all commands, including configuration commands, are authorized by authentication, authorization, and accounting (AAA) using the method specified. Because there are configuration commands that are identical to some EXEC-level commands, there can be some confusion in the authorization process. Using the no aaa authorization config-commands command stops the network access server from attempting configuration command authorization.
After the no form of this command has been entered, AAA authorization of configuration commands is completely disabled. Care should be taken before entering the no form of this command because it potentially reduces the amount of administrative control on configuration commands.
Use the aaa authorization config-commands command if, after using the no form of this command, you need to reestablish the default set by the aaa authorization commands level method command.
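The two states discussed in this thread, as an added IOS configuration sketch that is not from any of the posters or from Cisco's documentation. The TACACS+ server name, address and key are placeholders, and the comments on what each state does follow the documentation text quoted above.

```cisco
! Constructed example. TAC1, 192.0.2.10 (documentation address range) and the
! key are placeholders, not values from this thread.
aaa new-model
!
tacacs server TAC1
 address ipv4 192.0.2.10
 key <shared-secret>
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
! Command authorization: every level 1 and level 15 command is sent to the
! AAA server, with the local database as fallback if the server is unreachable.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! --- State A: configuration commands are authorized ---
! Commands typed inside "configure terminal" (for example
! "interface GigabitEthernet0/1" and then "shutdown") are each submitted
! for authorization, so the server policy can permit or deny them per user.
aaa authorization config-commands
!
! --- State B: the no form (use instead of the line in State A) ---
! EXEC commands such as "show running-config" and "configure terminal"
! itself are still submitted for authorization. Commands entered after the
! user is in configuration mode are no longer submitted, so any user who is
! permitted "configure terminal" can enter any configuration command.
no aaa authorization config-commands
!
! To see which commands generate an authorization request on a given
! platform and release, watch the requests while typing them:
!   debug aaa authorization
```

With the no form, the only control point left for configuration changes is whether the user is authorized for "configure terminal", which is the reduction in administrative control the documentation warns about.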