Cisco Support Community

understanding of aaa authorization command level

Is it true that aaa authorization command level will only check the TACACS server, and checks only what is associated with the user? Using aaa authorization must require aaa authentication login, because that is how ACS knows how to associate the user with the commands he/she is allowed to execute. In other words, using only aaa authorization will confuse the router. Tx for answering :)

Accepted Solutions

Re: understanding of aaa authorization command level

AAA authentication is required for authorising a user from TACACS with a certain privilege level.

This can be done in 2 ways.

Define the shell privilege level for each user in TACACS and have the commands for that privilege level configured locally on every device.

The second and recommended method is to use shell authorization sets in TACACS. In this case the privilege level is set to 15 but the commands are limited to what you have configured in the shell authorization sets.

Have a look at the attachment

HTH, rate if it does

Narayan
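
The two approaches described in the answer above, sketched as IOS configuration. This is an added example, not taken from the thread or its attachment; the server address 192.0.2.10, the `<SHARED-KEY>` placeholder, privilege level 7 and the commands moved to that level are assumptions.

```cisco
! Common to both methods: login authentication identifies the user, so the
! authorization requests that follow carry that username to the TACACS+ server.
aaa new-model
tacacs-server host 192.0.2.10 key <SHARED-KEY>
aaa authentication login default group tacacs+ local
! Exec authorization: the server returns the user's privilege level.
aaa authorization exec default group tacacs+ local
!
! Method 1: the server assigns a level (7 here, as an assumption) and the
! commands available at that level are defined locally. These lines have to
! be repeated and kept in sync on every device.
privilege exec level 7 show running-config
privilege exec level 7 clear counters
!
! Method 2: the server assigns level 15 and each level-15 command is sent to
! the server, which permits or denies it according to the user's shell
! authorization set. The command policy lives in one place, on the server.
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
```

The trailing `local` keyword is a fallback that applies only when the TACACS+ server does not respond, so a local account should exist to avoid a lockout during a server outage.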

4 REPLIES

Re: understanding of aaa authorization command level

Hi Narayan,

Definitely deserves rating :)

BR,

Mohammed Mahmoud.

Re: understanding of aaa authorization command level

Mohammed,

Can you share your email address?

Narayan

Re: understanding of aaa authorization command level

Hi Narayan,

Sure: mmma@gawab.com, mohammedmmoustafa@gmail.com

BR,

Mohammed Mahmoud.
