Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

aaa authorization commands levels

I configured the ff. commands on my router:

R1(config)# aaa new-model

R1(config)# tacacs-server host key xxxxxx

R1(config)# ip tacacs source-int fa0/1

R1(config)# aaa authentication login forCONSOLE group tacacs

R1(config)# aaa authorization console

R1(config)# aaa authorization config-commands

R1(config)# aaa authorization commands 15 forCONSOLE group tacacs

R1(config)# line con 0

R1(config-line)# login authentication forCONSOLE

R1(config-line)# authorization commands 15 forCONSOLE

What is the used of number "15"? Does it mean privilege level 15? if so, why is that when login through my router i got an error "command authorization failed" for "configure terminal" command?

Everyone's tags (2)

Accepted Solutions
New Member

Re: aaa authorization commands levels

New Member

Re:aaa authorization commands levels

You are configuring per command authorization with tacacs.

Have you specified command authorization set that make sure to permit the config terminal command for the login user?


Sent from Cisco Technical Support Android App

New Member

Re: aaa authorization commands levels

Thanks Tariq,

So you mean that per level say from 0 to 15 has different set of commands? example

level 0: has a command set > enable / call / exit

level 1: enable / conf

level 2:

because on each levels we can modify the commands using "privilege exec level" command. HOw to specify a command authorization set? Am i going to set it in the acs server? or in the local router using the "privilege exec level" command. Can you show me the step by step procedure on how to do this? becaue i'm new to this.

New Member

Re: aaa authorization commands levels