TACACS+ Command Authorization; RADIUS Authorization - Cisco WS-C2950SX-48-SI Configuration Manual

Catalyst 4500 series switches

Understanding How Authorization Works

TACACS+ Command Authorization

You can require authorization for all commands or for configuration (enable mode) commands only.
Configuration commands include the following:

• copy
• clear
• commit
• configure
• delete
• download
• format
• reload
• rollback
• session
• set
• squeeze
• switch
• undelete

The following TACACS+ authorization process occurs for every command that you enter:

• If you have disabled the command authorization feature, the TACACS+ server allows you to execute any command on the switch.
• If you have enabled authorization for configuration commands only, the switch verifies that the argument string matches one of the commands listed above. If there is no match, the switch completes the command. If there is a match, the switch forwards the command to the NAS for authorization.
• If you have enabled authorization for all commands, the switch forwards the command to the NAS for authorization.

RADIUS Authorization

RADIUS has limited authorization. The Service-Type attribute in the authentication protocol provides authorization information. This attribute is part of the user-profile.

When you log in using RADIUS authentication and you do not have Administrative/Shell (6) Service-Type access, the NAS authenticates you and logs you in to EXEC mode if authentication succeeds. If you have Administrative/Shell (6) Service-Type access, the NAS authenticates you and logs you in to privileged mode if authentication succeeds.

Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide, Release 8.1 (78-15486-01), Chapter 30: Configuring Switch Access Using AAA
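To audit which RADIUS replies would place a user in privileged mode under the Service-Type rule described above, the following added example (not part of the Cisco guide) parses a RADIUS reply using the RFC 2865 packet layout and reports the resulting login mode. The function names and the sample packets are constructed for illustration, and the response authenticator is assumed to be verified elsewhere.

```python
import struct

ACCESS_ACCEPT = 2     # RADIUS packet code (RFC 2865)
SERVICE_TYPE = 6      # attribute type carrying the authorization hint
ADMINISTRATIVE = 6    # value the page calls Administrative/Shell (6)


def parse_reply(packet: bytes):
    """Return (code, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the captured bytes")
    attrs, pos = [], 20            # bytes 4..19 hold the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute overruns the packet")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def login_mode(packet: bytes) -> str:
    """Mode the NAS grants for this reply, per the rule described above."""
    code, attrs = parse_reply(packet)
    if code != ACCESS_ACCEPT:
        return "rejected"
    for a_type, value in attrs:
        if a_type == SERVICE_TYPE and value == struct.pack("!I", ADMINISTRATIVE):
            return "privileged"
    return "exec"


def build_reply(code: int, attrs) -> bytes:
    """Constructed sample packet; the authenticator is zeroed, not verified."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


ADMIN = build_reply(2, [(6, struct.pack("!I", 6))])   # Service-Type = 6
LOGIN = build_reply(2, [(6, struct.pack("!I", 1))])   # Service-Type = 1
PLAIN = build_reply(2, [(18, b"welcome")])            # no Service-Type
REJECT = build_reply(3, [])                           # Access-Reject

print([login_mode(p) for p in (ADMIN, LOGIN, PLAIN, REJECT)])
```

Only the reply carrying Service-Type 6 maps to privileged mode, so the user profiles on the RADIUS server that return that value are the ones to review.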
