Cisco Catalyst 6500 Series Configuration Manual page 232
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Configuring Command Authorization
show | clear | configure—These optional keywords allow you to set the privilege only for the show,
•
clear, or configure form of the command. The configure form of the command is typically the form
that causes a configuration change, either as the unmodified command (without the show or clear
prefix) or as the no form. If you do not use one of these keywords, all forms of the command are
affected.
level level—A level between 0 and 15.
•
•
mode {enable | configure}—If a command can be entered in unprivileged/privileged mode as well
as configuration mode, and the command performs different actions in each mode, you can set the
privilege level for these modes separately:
•
command command—The command you are configuring. You can only configure the privilege
level of the main command. For example, you can configure the level of all aaa commands, but not
the level of the aaa authentication command and the aaa authorization command separately.
Also, you cannot configure the privilege level of subcommands separately from the main command.
For example, you can configure the context command, but not the allocate-interface command,
which inherits the settings from the context command.
To enable local command authorization, enter the following command:
Step 2
FWSM/contexta(config)# aaa authorization command LOCAL
Even if you set command privilege levels, command authorization does not take place unless you enable
command authorization with this command.
For example, the filter command has the following forms:
filter (represented by the configure option)
•
show filter
•
clear filter
•
You can set the privilege level separately for each form, or set the same privilege level for all forms by
omitting this option. For example, set each form separately as follows:
FWSM/contexta(config)# privilege show level 5 command filter
FWSM/contexta(config)# privilege clear level 10 command filter
FWSM/contexta(config)# privilege configure level 10 command filter
Alternatively, you can set all filter commands to the same level:
FWSM/contexta(config)# privilege level 5 command filter
The show privilege command separates the forms in the display.
The following example shows the use of the mode keyword. The enable command must be entered from
unprivileged mode, while the enable password command, which is accessible in configuration mode,
requires the highest privilege level.
FWSM/contexta(config)# privilege configure level 0 mode enable command enable
FWSM/contexta(config)# privilege configure level 15 mode configure command enable
FWSM/contexta(config)# privilege show level 15 mode configure command enable
This example shows an additional command, the configure command, that uses the mode keyword:
FWSM/contexta(config)# privilege show level 5 mode configure command configure
FWSM/contexta(config)# privilege clear level 15 mode configure command configure
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
12-12
enable—Specifies both unprivileged mode and privileged mode.
–
configure—Specifies configuration mode, accessed using the configure terminal command.
–
Chapter 12
Configuring AAA
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Cisco Catalyst 6500 Series
Related Products for Cisco Catalyst 6500 Series
- Cisco 6503 - Catalyst Firewall Security Sys
- Cisco 6503-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6504-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6506 - Catalyst Chassis Switch
- Cisco 6513 - Catalyst Switch
- Cisco Catalyst 6509
- Cisco Catalyst 6513-E
- Cisco Catalyst 6500-E Series