Cisco 1941W Configuration Manual page 321
Cisco 3900 series, cisco 2900 series,
cisco 1900 series
Hide thumbs
Also See for 1941W:
- Hardware installation manual (102 pages) ,
- Installing and upgrading (24 pages)
Table of Contents
Advertisement
Chapter
Administering the Wireless Device
Configuring TACACS+ Authorization for Privileged EXEC Access and Network
Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
wireless device uses information retrieved from the user profile, which is located either in the local user
database or on the security server, to configure the user session. The user is granted access to a requested
service only if the information in the user profile allows it.
You can use the aaa authorization command in global configuration mode with the tacacs+ keyword
to set parameters that restrict a user network access to privileged EXEC mode.
The aaa authorization exec tacacs+ local command sets these authorization parameters:
•
•
Note
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
been configured.
To specify TACACS+ authorization for privileged EXEC access and network services, follow these
steps, beginning in privileged EXEC mode.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Command
Step 1
configure terminal
Step 2
aaa authorization network tacacs+
Step 3
aaa authorization exec tacacs+
Step 4
end
Step 5
show running-config
Step 6
copy running-config startup-config
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Use TACACS+ for privileged EXEC access authorization if authentication was performed by using
TACACS+.
Use the local database if authentication was not performed by using TACACS+.
configure terminal
aaa authorization network tacacs+
aaa authorization exec tacacs+
end
show running-config
copy running-config startup-config
Purpose
Enters global configuration mode.
Configures the wireless device for user TACACS+ authorization for all
network-related service requests.
Configures the wireless device for user TACACS+ authorization to
determine whether the user has privileged EXEC access.
The exec keyword might return user profile information (such as
autocommand information).
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Controlling Access Point Access with TACACS+
313
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
