Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 12 Configuring AAA
Configuring Command Authorization
• For commands that are a single word, you must permit unmatched arguments, even if there are no
arguments for the command, for example enable or help. (See Figure 12-4.)
Figure 12-4 Permitting Single Word Commands
• To disallow some arguments, enter the arguments preceded by deny.
For example, to allow enable, but not enable password, enter enable in the commands box, and
deny password in the arguments box. Be sure to select the Permit Unmatched Args check box so
that enable alone is still allowed. (See Figure 12-5.)
Figure 12-5 Disallowing Arguments
• When you abbreviate a command at the command line, the FWSM expands the prefix and main
command to the full text, but it sends additional arguments to the TACACS+ server as you enter
them.
For example, if you enter sh log, then the FWSM sends the entire command, show logging, to the
TACACS+ server. However, if you enter sh log mess, then the FWSM sends show logging mess to the
TACACS+ server, and not the expanded command show logging message. You can configure
multiple spellings of the same argument to anticipate abbreviations. (See Figure 12-6.)
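The following added example (not part of the Cisco guide) is a simplified Python model of the rules above, useful for checking a command set against the strings the FWSM actually sends. The data layout, the function names, and the exact-string argument matching are assumptions made for illustration; a real TACACS+ server may match differently.

```python
# Simplified model of a TACACS+ server command authorization set.
# Assumption: arguments are compared as exact strings; a real server's
# matching rules may differ.

def authorize(command_sets, sent):
    """Return True if the command string received from the FWSM is permitted."""
    command, _, args = sent.partition(" ")
    rule = command_sets.get(command)
    if rule is None:
        return False                      # command is not listed at all
    for action, arg in rule["args"]:
        if args == arg:
            return action == "permit"     # explicit permit or deny entry
    return rule["permit_unmatched"]       # also reached when args is empty


def spellings(argument, min_len):
    """Prefixes of the last word of an argument, to list as extra spellings."""
    head, _, last = argument.rpartition(" ")
    lead = head + " " if head else ""
    return [lead + last[:n] for n in range(min_len, len(last) + 1)]


# Constructed command sets mirroring the examples in the text.
COMMAND_SETS = {
    "help":   {"args": [], "permit_unmatched": True},
    "enable": {"args": [("deny", "password")], "permit_unmatched": True},
    "show":   {"args": [("permit", "logging"), ("permit", "logging message")],
               "permit_unmatched": False},
}

# The same show rule with abbreviated spellings of the argument added.
WITH_SPELLINGS = dict(COMMAND_SETS)
WITH_SPELLINGS["show"] = {
    "args": [("permit", "logging")]
            + [("permit", s) for s in spellings("logging message", 4)],
    "permit_unmatched": False,
}

if __name__ == "__main__":
    # Strings as the FWSM sends them: the main command is expanded,
    # additional arguments arrive as typed.
    for sent in ("enable", "enable password", "show logging", "show logging mess"):
        print(sent, "->", authorize(COMMAND_SETS, sent),
              "/ with spellings:", authorize(WITH_SPELLINGS, sent))
```

The minimum prefix length passed to spellings is a choice made for this example; pick it according to which abbreviations the CLI accepts as unambiguous.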