Section 3, Common Provisioning - Provision Authentication, Authorization, and Accounting (AAA)
65K510DEP08-1A 3-23
Eitherofthefollowingcomman dsdisableTACACS+authorizationfora
commandlevel:
•
aaa authorization commands <1,15> default none
•no aaa authorization commands <1,15>
Afteranyoftheabovecommandsareissuedtoenableordisableremoteauthorizationofall
level15commands,commandauthorizationforcommandsatandbeyondtheGlobalConfig‐
urationpromptcanbeseparatelyenabledordisabledviathefollowing:
•
aaa authorization config-command
• no aaa authorization config-command
ThefollowingcommandsequenceenablesTACACS+authorizationforalllevel15commands
exceptforthoseatorbeyondtheConfigureTerminalprompt:
•
aaa authorization command 15 default group tacacs+
• no aaa authorization config-command
Althoughnoaut horizationisperformedforcommandsatorbeyondthe
configurationpromp t,the
configure terminalcommanddoesundergo
TA CACS+authorization.
ThefollowingcommandsequenceenablesTACACS+authorizationforalllevel15commands
exceptforthosepriortotheConfigureTerminalprompt:
•
aaa authorization command 15 default none
• aaa authorization config-command
Configure User Activity Accounting
Commandaccountingisconfiguredsimilarlytocommandauthorization.Thecommandsare
groupedinthesamemannerasauthorization.
Thefollowingrulesapply:
TA CACS+accountingonlyoccurswhenTACACS+ authenti cationisused.
• Level0commands:Notsubjecttoremoteaccounting
• Level15configcommands:Thereisnoconfig‐commandaccountingcommand.These
followlevel15rules
Toconfigureaccountingforalevel,performthefollowing:
•FromtheGlobalConfigurationprompt,type
aaa accounting commands <1,15>
default stop-only group tacacs+
,andpressENTERtoenableTACACS+accounting
foracommandlevel.
To Next Page
Loading...
Need help?
General
