Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

aaa authorization interpretation

Hi..

Is this a correct interpretation on aaa authorization?

If  I want to authorize certain commands or a certain privilege I use the following example

aaa authorization command 7 group tacacs

no aaa authorization config-commands

if you want to authorize all commands you would use the following:

aaa authorization config-commands

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: aaa authorization interpretation

will authorize all the commands except the configuration commands that we type in the configuration mode:

router(config)#

configure terminal command is a exec level command and still needs to be permitted in the command set on AAA server.

Even if you are runnning level 15 access and you turn on command authorizarion using a TACACS AAA server on that level 15, all the commands you enter will be checked at the server to see if they authorized or not.

Tariq

3 REPLIES
New Member

Re:aaa authorization interpretation

aaa authorization config-commands is for enabling the authorization for the configuration commands as it is disabled by default

Without this you will only authorize the exec commands and the config ones will not get checked against the AAA server for authorization

Tariq Bader

New Member

Re: aaa authorization interpretation

Thanks Tariq, so if i issue the command:

aaa authorization commands 15 group tacacs

no aaa authorization config-commands

What commands are authorized?  i'm quite confuse here because when issue the command "configure terminal" i get a "Command Authorization Failed" error will instead i'm in level 15, which is the highest level in which in my own understanding its the administrative level meaning I have a full access and why it's not..

Thanks in advance for all replies...

New Member

Re: aaa authorization interpretation

will authorize all the commands except the configuration commands that we type in the configuration mode:

router(config)#

configure terminal command is a exec level command and still needs to be permitted in the command set on AAA server.

Even if you are runnning level 15 access and you turn on command authorizarion using a TACACS AAA server on that level 15, all the commands you enter will be checked at the server to see if they authorized or not.

Tariq

667
Views
0
Helpful
3
Replies
CreatePlease to create content