Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1135
Views
5
Helpful
3
Replies

aaa authorization command

skrao_mandalapu
Level 1
Level 1

‎06-15-2012 07:58 AM - edited ‎03-04-2019 04:41 PM

Hi,

What is the difference between below two commands, I am interested to know only bold portion.

aaa authorization exec default group radius none

aaa authorization network default group radius none

Regards

Siva Kondala Rao

Labels:
0 Helpful
3 Replies 3

smitesh kharecha
Level 5
Level 5

‎06-15-2012 08:24 AM

Hi Siva,

Both are for different purpose. EXEC is used mainly for managing the router/switch,; whereas NETWORK is used for authenticating services like PPP, SLIP, etc...

IOS supports three different types of authorization:

EXEC: Applies to the attributes associated with a user EXEC terminal session.

Command: Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

Network: Applies to network connection. This can include a PPP, SLIP, or ARAP connection.

HTH,

Smitesh

PS: Please rate helpful posts...

skrao_mandalapu
Level 1
Level 1
In response to smitesh kharecha

‎06-15-2012 09:32 AM

Hi Smitesh,

Can you explain further: what are user EXEC terminal attributes? and I don't understand network connection authorization. when we will use it (can you give one example)? Your patience is appreciated.

Regards

Siva Kondala Rao

0 Helpful

smitesh kharecha
Level 5
Level 5
In response to skrao_mandalapu

‎06-15-2012 11:43 PM

Hi Siva,

EXEC attributes are those related to doing something on the router ( managing router), for example who loged in, did what changed, Is is supposed to have that authorization to make changes on configuration, etc...

Whereas, Network is for authentication. For example, like in PPP CHAP or PAP, you can have username password configure on the device itself; or else you have have those be authenticated by external Radius/ TACACs servers...

HTH,

Smitesh

PS: Please rate helpful posts..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card