Table of Contents
Advertisement
Command Reference Guide
The two types of method lists created using the aaa authorization commands command are a default list
and a named list. A default list is one that is created and automatically applied to all line interfaces at the
global level. A named method list is one that does not perform any action until it is manually applied to an
interface. Named AAA command authorization method lists are applied to line interfaces using the
authorization commands <level> <listname> command from the appropriate line interface configuration
mode
(Line (Console) Interface Command Set on page
page
1498, or
Line (SSH) Interface Command Set on page
To use TACACS+ servers to perform command authorization, the TACACS+ servers must be configured
prior to creating the method list. You can configure all TACACS+ servers in the system using the command
tacacs-server on page
tacacs-server host on page
TACACS+ servers for authorization by using the group tacacs+ method. If you only want to use some of
the available TACACS+ servers for authorization, you can create a named server group and add the
TACACS+ servers to the group. Server groups are created using the command
886
and servers are added to the group as outlined in the
For more information about AAA authorization, or AAA configuration in general, refer to the Configuring
AAA in AOS configuration guide available online at https://supportforums.adtran.com.
Usage Examples
The following example creates a command authorization method list called myList, which authorizes
unprivileged commands (this succeeds only if the user has been authenticated successfully):
(config)#aaa authorization commands 1 myList if-authenticated
The following command defines the default command authorization method list to authorize privileged
(level 15) commands against all defined TACACS+ servers:
(config)#aaa authorization commands 15 default group tacacs+
If command authorization is used in conjunction with a TACACS+ server, the same user
name that is used to access AOS must be configured on the server.
60000CRG0-35E
1357. You can configure individual TACACS+ servers using the command
1358. Once the TACACS+ servers have been configured, you can use all
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
1464,
Line (Telnet) Interface Command Set on
1481).
TACACS+ Group Command Set on page
aaa group server on page
3361.
880
- Quick Links:
- Basic Mode Command Set
Hide quick links:
Advertisement
Table of Contents
