NOTE
Either of the following commands disable TACACS+ authorization for a
command level:
• aaa authorization commands <1,15> default none
• no aaa authorization commands <1,15>
After any of the above commands are issued to enable or disable remote authorization of all
level 15 commands, command authorization for commands at and beyond the Global Config‐
uration prompt can be separately enabled or disabled via the following:
• aaa authorization config-command
• no aaa authorization config-command
The following command sequence enables TACACS+ authorization for all level 15 commands
except for those at or beyond the Configure Terminal prompt:
• aaa authorization command 15 default group tacacs+
• no aaa authorization config-command
NOTE
Although no authorization is performed for commands at or beyond the
configuration prompt, the configure terminal command does undergo
TACACS+ authorization.
The following command sequence enables TACACS+ authorization for all level 15 commands
except for those prior to the Configure Terminal prompt:
• aaa authorization command 15 default none
• aaa authorization config-command
Configure User Activity Accounting
Command accounting is configured similarly to command authorization. The commands are
grouped in the same manner as authorization.
The following rules apply:
NOTE
TACACS+ accounting only occurs when TACACS+ authentication is used.
• Level 0 commands: Not subject to remote accounting
• Level 15 config commands: There is no config‐command accounting command. These
To configure accounting for a level, perform the following:
• From the Global Configuration prompt, type aaa accounting commands <1,15>
65K510DEP08-1A
Section 3, Common Provisioning - Provision Authentication, Authorization, and Accounting (AAA)
follow level 15 rules
default stop-only group tacacs+
for a command level.
, and press E
NTER
to enable TACACS+ accounting
3-23