C613-50631-01 Rev A Command Reference for IE340 Series 2368
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
AAA COMMANDS
AAA
AUTHORIZATION COMMANDS
aaa authorization commands
Overview This command configures a method list for commands authorization that can be
applied to console or VTY lines. When command authorization is enabled for a
privilege level, only authorized users can executed commands in that privilege
level.
Use the no variant of this command to remove a named method list or disable the
default method list for a privilege level.
Syntax
aaa authorization commands <privilege-level>
{default|<list-name>} group tacacs+ [none]
no aaa authorization commands <privilege-level>
{default|<list-name>}
Mode Global Configuration
Usage notes TACACS+ command authorization provides centralized control of the commands
available to a user of an AlliedWare Plus device. Once enabled:
• The command string and username are encrypted and sent to the first
available configured TACACS+ server (the first server configured) for
authorization.
Parameter Description
<privilege-level> The privilege level of the set of commands the method list
will be applied to.
AlliedWare Plus defines three sets of commands, that are
indexed by a level value:
Level = 1: All commands that can be accessed by a user
with privilege level between 1 and 6 inclusive
Level = 7: All commands that can be accessed by a user
with privilege level between 7 and 14 inclusive
Level = 15: All commands that can be accessed by a user
with privilege level 15
group Specify the server group where authorization messages are
sent. Only the tacacs+ group is available for this
command.
tacacs+ Use all TACACS+ servers configured by the tacacs-server
host command.
default Configure the default authorization commands method list.
<list-name> Configure a named authorization commands method list
none If specified, this provides a local fallback to command
authorization so that if authorization servers become
unavailable then the device will accept all commands
normally allowed for the privilege level of the user.
To Next Page
Loading...
