Total Access 5000 Business Services Deployment Guide
NOTE
The methods group radius , group tacacs+ , and local are all optional,
but at least one method must be specified. Only the methods listed are used.
Authentication Examples
The following example enables TACACS+ and local authentication, but disables RADIUS
authentication.
The following example only enables local authentication, disabling all remote authentication
methods.
Configure TACACS+ Authorization
If per‐command authorization is enabled for a group of commands, the Total Access 5000
connects with the TACACS+ server each time a command is entered to verify that the user has
permission to execute the command.
NOTE
TACACS+ authorization only occurs when TACACS+ authentication is used.
Commands are grouped as follows:
• Level 0 commands: The only level 0 commands are enable , disable , end , exit , and
• Level 1 commands: All commands that are native to the Root prompt (prior to the enable
• Level 15 commands: All remaining commands not designated as Level 0 or Level 1. This
• Level 15 configuration commands: These commands are at or beyond the Global
To configure the authorization for a level, complete the following procedure:
1. From the Enable prompt, type configure terminal , and press E
2. From the Global Configuration prompt, type aaa authorization commands < 1,15>
3-22
TA5000#configure terminal
TA5000(config)#aaa authentication login default group tacacs+ local
TA5000(config)#exit
TA5000#
TA5000#configure terminal
TA5000(config)#aaa authentication login default local
TA5000(config)#exit
TA5000#
logoff
. These commands are not subject to remote command authorization.
command being issued) are Level 1 commands. These include most show commands.
includes all application commands, all commands native to the Enable prompt (not also
present at the Root prompt prior to the enable command being used), and all commands
at and beyond the Global Configuration prompt.
Configuration prompt.
bal Configuration prompt.
default group tacacs+
command level.
, and press E
NTER
to enable TACACS+ authorization for a
NTER
to access the Glo‐
65K510DEP08-1A