Table of Contents
Advertisement
Configuring AAA Command Authorization
Step 5
Step 6
Configuring AAA Command Authorization
When a TACACS+ server authorization method is configured, you can authorize every command that a user
executes with the TACACS+ server which includes all EXEC mode commands and all configuration mode
commands.
The authorization methods include the following:
• Group—TACACS+ server group
• Local—Local role-based authorization
• None—No authorization is performed
The default method is Local.
Note
There is no authorization on the console session.
Before You Begin
You must enable TACACS+ before configuring AAA command authorization.
Procedure
Step 1
Step 2
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
16
Command or Action
show login on-successful log
Example:
switch(config)# show login
on-successful log
copy running-config startup-config
Example:
switch(config)# copy
running-config startup-config
Command or Action
configure terminal
Example:
switch# configure terminal
switch(config)#
aaa authorization {commands |
config-commands} {default} {{[group
group-name] | [ local]} | {[group group-name] |
[ none]}}
Purpose
(Optional)
Displays whether the switch is configured to log successful
authentication messages to the syslog server.
(Optional)
Copies the running configuration to the startup configuration.
Purpose
Enters global configuration mode.
Configures authorization parameters.
Use the commands keyword to authorize EXEC
mode commandes.
Configuring AAA
Hide quick links:
Advertisement
Table of Contents
