Re: aaa authorization

jemekeren · ‎04-22-2007

hello. why aaa authorization is used? i saw example like this :

aaa authorization network tacacs+ none

aaa authorization connection tacacs+ if-authenticated

aaa authorization exec tacacs+ if-authenticated

aaa authorization command 1 tacacs+ if-authenticated

aaa authorization command 15 tacacs+ if-authenticated

is there benefits from using this? i only use the aaa authentication and wonder why someone used authorization. tx.

royalblues · ‎04-23-2007

Friend,

With authorization you have control over the privilege levels assigned to users.

you may require a certain group of people to have only read rights and another group having full rights (priv level 15)which can be done with the help of autorization in AAA

HTH

Narayan

jemekeren · ‎04-23-2007

tx royalblues, i want to know how the logic between router and aaa server. Do we need to configure command level and the exec shell to the user at the ACS too? so for example at the server we enter something like "for user X has able to execute show version and reload". btw how to configure access-list to the user so he only authorized only to access specified subnet and time-restriction access. do you have example to figuring out? please helps from you. tx :)

royalblues · ‎04-23-2007

You can configure shell authorization sets in Cisco ACS server which can restrict the user with certain commands.

The other options might be configurable too.

Have a look at this link

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp40/index.htm

HTH, rate if it does

Narayan