Authorization Events; Tacacs+ Primary Options And Fallback Options; Tacacs+ Command Authorization - Cisco WS-C6506 Software Manual

Chapter 39 Configuring the Switch Access Using AAA

Authorization Events

You can enable authorization for the following:
•
•
•

TACACS+ Primary Options and Fallback Options

You can specify the primary options and the fallback options that are used in the authorization process.
The available options and fallback options include the following:
•
•
•
•

TACACS+ Command Authorization

You can require authorization for all commands or for configuration (enable mode) commands only. The
configuration commands include the following:
•
•
•
•
•
•
•
•
•
•
•
OL-8978-04
Commands—When you enable authorization for commands, the user must supply a valid username
and password pair to execute certain commands. You can require authorization for all commands or
for configuration (enable mode) commands only. When a user issues a command, the authorization
server receives the command and user information and compares it against an access list. If the user
is authorized to issue that command, the command is executed; otherwise, the command is not
executed.
EXEC mode (normal login)—When authorization is enabled for EXEC mode, the user must supply
a valid username and password pair to gain access to EXEC mode. Authorization is required only if
you have enabled the authorization feature.
Enable mode (privileged login)—When authorization is enabled for enable mode, the user must
supply a valid username and password pair to gain access to enable mode. Authorization is required
only if you have enabled authorization for enable mode.
tacacs+—If you have been authenticated, and there is no response from the TACACS+ server, then
authorization will succeed immediately.
deny—Deny is strictly a fallback option. Authorization will fail if the TACACS+ server fails to
respond. This is the default behavior.
if-authenticated—If you have been authenticated, and there is no response from the TACACS+
server, then authorization will succeed immediately.
none—Authorization will succeed if the TACACS+ server does not respond.
copy
clear
commit
configure
delete
download
format
reload
rollback
session
set
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Understanding How Authorization Works
39-45