12-11
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 12 Configuring AAA
Configuring Command Authorization
Local Command Authorization Prerequisites
Complete the following tasks as part of your command authorization configuration:
• Configure enable authentication. (See the “Configuring Authentication to Access Privileged Mode”
section on page 12-8.)
Alternatively, you can use the login command (which is the same as the enable command with
authentication), which requires no configuration. We do not recommend this option because it is not
as secure as enable authentication.
You can also use CLI authentication (see the “Configuring Authentication for CLI Access” section
on page 12-8), but it is not required.
• Configure each user in the local database at a privilege level from 0 to 15. (See the “Configuring the
Local Database” section on page 12-6.)
Default Command Privilege Levels
By default, the following commands are assigned to privilege level 0. All other commands are at
level 15.
• show checksum
• show curpriv
• enable (enable mode)
• help
• show history
• login
• logout
• pager
• show pager
• clear pager
• quit
• show version
If you move any configure mode commands to a lower level than 15, be sure to move the configure
command to that level as well, otherwise, the user will not be able to enter configuration mode.
To view all privilege levels, see the “Viewing Command Privilege Levels” section on page 12-13.
Assigning Privilege Levels to Commands and Enabling Authorization
To assign a command to a new privilege level, and enable authorization, follow these steps:
Step 1 To assign a command to a privilege level, enter the following command:
FWSM/contexta(config)# privilege [show | clear | configure] level
level
[mode {enable | configure}] command
command
Repeat this command for each command you want to reassign.
See the following information about the options in this command:
To Next Page
Loading...
Need help?
General