
aaa authorization interpretation

mactej6228

Hi..

Is this a correct interpretation on aaa authorization?

If I want to authorize certain commands or a certain privilege, I use the following example:

aaa authorization command 7 group tacacs

no aaa authorization config-commands

If you want to authorize all commands, you would use the following:

aaa authorization config-commands


Tariq Bader
Cisco Employee

aaa authorization config-commands is for enabling the authorization for the configuration commands, as it is disabled by default.

Without this you will only authorize the exec commands, and the config ones will not get checked against the AAA server for authorization.

Tariq Bader

Thanks Tariq, so if I issue the command:

aaa authorization commands 15 group tacacs

no aaa authorization config-commands

What commands are authorized? I'm quite confused here, because when I issue the command "configure terminal" I get a "Command Authorization Failed" error even though I'm in level 15, which is the highest level and, in my own understanding, the administrative level, meaning I have full access, so why is it not?

Thanks in advance for all replies...

will authorize all the commands except the configuration commands that we type in the configuration mode:

router(config)#

The configure terminal command is an exec-level command and still needs to be permitted in the command set on the AAA server.

Even if you are running level 15 access and you turn on command authorization using a TACACS AAA server on that level 15, all the commands you enter will be checked at the server to see if they are authorized or not.

Tariq
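
The behaviour described in this thread, as a simplified model added here for illustration (not code from any poster or from Cisco). The `DeviceAAA` class, the function names, the server command set and the sample session are constructed assumptions; the model only encodes what the replies state: exec-level commands at the authorized level go to the server, and commands typed at `router(config)#` go there only when `aaa authorization config-commands` is set.

```python
import re
from dataclasses import dataclass, field

@dataclass
class DeviceAAA:
    """Device-side settings discussed in the thread (simplified, hypothetical model)."""
    authz_levels: set = field(default_factory=set)  # levels with 'aaa authorization commands <level> ...'
    config_commands: bool = False                   # 'aaa authorization config-commands' present?

# Constructed command set held on the AAA server: regexes the user may run.
SERVER_PERMITS = [r"show .*", r"interface .*"]

def server_permits(command, permits=SERVER_PERMITS):
    """True if the server-side command set allows the full command line."""
    return any(re.fullmatch(p, command) for p in permits)

def decide(aaa, command, level, config_mode, permits=SERVER_PERMITS):
    """Return 'local' (never sent to the server), 'permit' or 'deny'."""
    if level not in aaa.authz_levels:
        return "local"   # assumption: no command authorization configured for this level
    if config_mode and not aaa.config_commands:
        return "local"   # typed at router(config)#, not checked against the server
    return "permit" if server_permits(command, permits) else "deny"

# Constructed session of a privilege-15 user: (command, level, typed in config mode?).
# Each line is evaluated independently, even though a denied 'configure terminal'
# would in practice stop the user from reaching config mode at all.
SESSION = [
    ("show running-config", 15, False),
    ("configure terminal", 15, False),          # exec-level: always sent to the server
    ("interface GigabitEthernet0/1", 15, True),
    ("no ip http server", 15, True),
]

def run(aaa, permits=SERVER_PERMITS):
    """Authorization outcome for every command in SESSION, in order."""
    return [decide(aaa, cmd, lvl, cfg, permits) for cmd, lvl, cfg in SESSION]

if __name__ == "__main__":
    for label, aaa in [("no aaa authorization config-commands", DeviceAAA({15}, False)),
                       ("aaa authorization config-commands", DeviceAAA({15}, True))]:
        print(f"{label}: {run(aaa)}")
```

In both variants `configure terminal` is denied until the server's command set permits it, which is the "Command Authorization Failed" case from the question; privilege level 15 alone does not bypass the check.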