Verifying Authorization Profile; Testing Authorization - Cisco MDS 9000 Series Configuration Manual


switch(config)#
Enters configuration mode.
Step 2
switch(config)# show run aaa all
aaa authentication login default fallback error local
aaa authentication login console fallback error local
Displays the default fallback behavior.
Step 3
switch(config)# no aaa authentication login default fallback error local
WARNING!!! Disabling fallback can lock your switch.
Disables the fallback to local database for authentication.
Caution
If fallback is disabled for both default and console, remote authentication is enabled, and the servers are
unreachable, then the switch will be locked.
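A pre-change check for the caution above, as an added example that is not part of the Cisco guide: it parses saved "show run aaa all" output and reports whether disabling fallback for one login type would leave no local fallback at all while remote authentication is configured. The function names, the sample output and the server group name TacServer are assumptions, as is the form the disabled lines take in the output.

```python
import re

# The two fallback lines the page shows in "show run aaa all" output.
FALLBACK_RE = re.compile(
    r"^(?P<no>no\s+)?aaa authentication login "
    r"(?P<kind>default|console) fallback error local$")
# Assumption: a login method list that names a server group means remote AAA.
REMOTE_RE = re.compile(r"^aaa authentication login (default|console) group\s+\S+")

def audit_fallback(show_run_aaa_all):
    """Return fallback state per login type and the caution's precondition."""
    fallback = {"default": False, "console": False}
    remote = False
    for raw in show_run_aaa_all.splitlines():
        line = raw.strip()
        m = FALLBACK_RE.match(line)
        if m:
            # Assumption: a "no ..." form, or no line at all, means fallback is off.
            fallback[m.group("kind")] = m.group("no") is None
        elif REMOTE_RE.match(line):
            remote = True
    # Caution on the page: fallback off for both default and console with remote
    # authentication enabled locks the switch once the servers are unreachable.
    # Reachability is not visible in the config, so only the precondition is flagged.
    return {"fallback": fallback, "remote": remote,
            "lockout_risk": remote and not any(fallback.values())}

def lockout_after_disabling(show_run_aaa_all, kind):
    """Pre-change check: would disabling fallback for `kind` meet the precondition?"""
    state = audit_fallback(show_run_aaa_all)
    others_on = any(v for k, v in state["fallback"].items() if k != kind)
    return state["remote"] and not others_on

# Constructed sample inputs (the server group name TacServer is hypothetical).
BEFORE = """\
aaa authentication login default group TacServer
aaa authentication login default fallback error local
aaa authentication login console fallback error local
"""
AFTER_STEP3 = """\
aaa authentication login default group TacServer
no aaa authentication login default fallback error local
aaa authentication login console fallback error local
"""

if __name__ == "__main__":
    print(audit_fallback(BEFORE))
    print(lockout_after_disabling(BEFORE, "default"))       # console still falls back
    print(lockout_after_disabling(AFTER_STEP3, "console"))  # no fallback would remain
```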

Verifying Authorization Profile

You can verify the authorization profile for different commands. When verification is enabled, all commands are
directed to the Access Control Server (ACS) for verification. The verification details are displayed once the
verification is completed.
switch# terminal verify-only username sikander
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# feature telnet
% Success
switch(config)# feature ssh
% Success
switch(config)# end
% Success
switch# exit
Note
This command only verifies the commands and does not enable the configuration.

Testing Authorization

You can test the authorization settings for any command.
To test the authorization of a command, use the test aaa authorization command-type command.
switch(config)# test aaa authorization command-type commands user u1 command "feature dhcp"
% Success
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Note (Step 3): Replace default with console in the no aaa authentication login default fallback error local command to disable fallback for console login.
Configuring Security Features on an External AAA Server
