Authorization Example
This example shows how to disable TACACS+ command authorization for both console and Telnet
connections and how to verify the configuration:
Console> (enable) set authorization commands disable both
Successfully disabled commands authorization.
Console> (enable)
This example shows how to verify the configuration:
Console> (enable) show authorization
Telnet:
-------
exec:
enable:
commands:
config:
all:
Console:
--------
exec:
enable:
commands:
config:
all:
Console> (enable)
Authorization Example
Figure 27-4
In this example, TACACS+ authorization is enabled for enable mode access to the switch for both Telnet
and console connections, authorizing configuration commands. When Workstation A initiates a
command on the switch, the switch registers a request with the TACACS+ daemon. The TACACS+
daemon determines if the user is authorized to use the feature and sends a response either executing the
command or denying access.
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
27-54
Primary
Fallback
-------
--------
tacacs+
deny
tacacs+
deny
tacacs+
deny
tacacs+
deny
Primary
Fallback
-------
--------
tacacs+
deny
tacacs+
deny
tacacs+
deny
tacacs+
deny
shows a simple network topology using TACACS+.
Chapter 27
Configuring Switch Access Using AAA
78-12647-02