Table 69 aaa command summary (continued)
Command
aaa authorization privilege
<privilege> <mode>
show aaa authorization
no aaa authorization
11.8.2 Command Examples
This example displays how to set the authentication methods for login first to use RADIUS server
and second to use the IES's local database. Then it displays the current authentication method
settings.
sysname# configure
sysname(config)# aaa authentication login radius local
sysname(config)# exit
sysname# show aaa authentication
login type method :
method1 method2 method3
------- ------- -------
radius
local
enable type method :
method1 method2
------- -------
local
IES4005M User's Guide
Description
Sets the authorization mode for the specified command privilege
level. Every command belongs to a privilege. Authorization happens
when a user executes a command matching the specified privilege.
For example, to allow only one user "A" to use the VoIP SIP
commands, you can configure this system so all the VoIP SIP
commands require a specific privilege level (ex. 12) and set the
authorization method for this privilege level to tacacs+. Then you set
the command shell set configured in the TACACS+ server to only give
user "A" access to VoIP SIP commands.
privilege: 1-14
mode: 1-5
1: none: to have no authorization
2: local: to have the system use its local database. This is the default
value.
3: tacacs+: to have the system use a remote TACACS+ server.
4: tacacs+ then none: to have the system use a remote TACACS+
server and if the TACACS+ server does not respond, the system has
no authorization
.
5: tacacs+ then local: to have the system use remote TACACS+
server and if the TACACS+ server does not respond, use its local
database
.
Displays authorization method and privilege mappings.
Resets the authorization mode and privilege mappings to the defaults. C
Chapter 11 Management
M
P
C
13
E
3
13
101