Aaa Authorization - Dell Networking 2024 Reference Manual

User Guidelines
The default and optional list names created with the aaa authentication
login command are used with the login authentication command. Create a
list by entering the aaa authentication login
a particular protocol, where
method
this list. The
authentication algorithm tries, in the given sequence.
The additional methods of authentication are attempted only if the previous
method returns an error, not if there is an authentication failure. Only the
RADIUS, TACACS+, local and enable methods can return an error. To
ensure that authentication succeeds even if all methods return an error,
specify none as the final method in the command line. For example, if none is
specified as an authentication method after radius, no authentication is used
if the RADIUS server is down. If specified, none must be the last method in
the list.
NOTE: Auth-Type:=Local doesn't work for recent versions of FreeRadius.
FreeRadius ignores the configuration if Local is used. Administrators should remove
Auth-Type=Local and use the PAP or CHAP modules instead.
Example
The following example configures the default authentication login to attempt
RADIUS authentication, then local authentication, then enable
authentication, and then, if all the previous methods returned an error, allow
the user access (none method).
console(config)# aaa authentication login default radius local enable none

aaa authorization

Use the aaa authorization command to create an authorization method list.
A list may be identified by a user-specified list-name or the keyword default.
Use the no form of the command to delete an authorization list.
Syntax
aaa authorization {commands|exec}{
[method2]
no aaa authorization {commands|exec} {
224
AAA Commands
list-name
is any character string used to name
argument identifies the list of methods that the
list-name method
default list-name
|
default list-name
|
command for
} method1
}