configuration when the user session terminates. Temporary user login names and their associated
passwords are not saved as part of the configuration.
•
•
•
Local Authorization
Local authorization uses user profiles and user access information after a user is authenticated.
The profiles and user access information specifies the actions the user can and cannot perform.
By default, local authorization is enabled. Local authorization is disabled only when a different
remote authorization method is configured (RADIUS authorization). Local authorization is
restored when RADIUS authorization is disabled.
You must configure profile and user access information locally.
RADIUS Authorization
RADIUS authorization grants or denies access permissions for a router. Permissions include the
use of FTP, Telnet, SSH (SCP), and console access. When granting Telnet, SSH (SCP) and console
access to the router, authorization can be used to limit what CLI commands the user is allowed to
issue and which file systems the user is allowed or denied access.
TACACS+ Authorization
Like RADIUS authorization, TACACS+ grants or denies access permissions for a router. The
TACACS+ server sends a response based on the surname and password.
TACACS+ separates the authentication, authorization, and accounting function. RADIUS
combines the authentication and authorization functions.
7210 SAS-E OS System Management Guide
Local Authorization on page 23
RADIUS Authorization on page 23
TACACS+ Authorization on page 23
Security
Page 23