Radius Authorization; Configuring Authorization On The Switch; Tacacs+ Authorization Default Configuration - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Hide thumbs Also See for WS-C6506:

Manual (110 pages)

Installation manual (336 pages)

Table of Contents

The following TACACS+ authorization process occurs for every command that you enter:

RADIUS Authorization

RADUIS has limited authorization. There is one attribute, Service-Type, in the authentication protocol

that provides authorization information. This attribute is part of the user-profile.

When you log in using RADIUS authentication and you do not have Administrative/Shell (6)

Service-Type access, the network access server (NAS) authenticates you and logs you in to the EXEC

mode. If you have Administrative/Shell (6) Service-Type access, the NAS authenticates you and logs you

in to the privileged mode.

Configuring Authorization on the Switch

These sections describe how to configure authorization:

TACACS+ login authorization (console and Telnet)

TACACS+ EXEC authorization (console and Telnet)

TACACS+ enable authorization (console and Telnet)

TACACS+ commands authorization (console and Telnet)

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

If you have disabled the command authorization feature, the TACACS+ server will allow you to

execute any command on the switch.

If you have enabled authorization for configuration commands only, the switch will verify that the

argument string matches one of the commands listed in this section. If there is no match, the switch

completes the command. If there is a match, the switch forwards the command to the NAS for

authorization.

If you have enabled authorization for all commands, the switch forwards the command to the NAS

for authorization.

TACACS+ Authorization Default Configuration, page 39-46

TACACS+ Authorization Configuration Guidelines, page 39-47

Configuring TACACS+ Authorization, page 39-47

Configuring RADIUS Authorization, page 39-50

shows the TACACS+ default authorization configuration.

Default Authorization Configuration

Configuring the Switch Access Using AAA

Default Value

Show Quick Links

Table of Contents

Troubleshooting

Catalyst 6506 Catalyst 6509 Catalyst 6513

Radius Authorization; Configuring Authorization On The Switch; Tacacs+ Authorization Default Configuration - Cisco WS-C6506 Software Manual

Configuring Authorization on the Switch

RADIUS Authorization

TACACS+ Authorization Default Configuration

Hide quick links:

Troubleshooting

Related Manuals for Cisco WS-C6506

Related Content for Cisco WS-C6506

This manual is also suitable for:

Table of Contents