12-17
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 12 Configuring AAA
Configuring Command Authorization
Figure 12-6 Specifying Abbreviations
•
We recommend that you allow the following basic commands for all users:
–
show checksum
–
show curpriv
–
enable
–
help
–
show history
–
login
–
logout
–
pager
–
show pager
–
clear pager
–
quit
–
show version
Enabling TACACS+ Command Authorization
Before you enable TACACS+ command authorization, be sure that you are logged into the FWSM as a
user that is defined on the TACACS+ server, and that you have the necessary command authorization to
continue configuring the FWSM. For example, you should log in as an admin user with all commands
authorized. Otherwise, you could become unintentionally locked out.
To perform command authorization using a TACACS+ server, enter the following command:
FWSM/contexta(config)# aaa authorization command
tacacs+_server_group
[LOCAL]
You can configure the FWSM to use the local database as a fallback method if the TACACS+ server is
unavailable. To enable fallback, specify the server group name followed by LOCAL (LOCAL is case
sensitive). We recommend that you use the same username and password in the local database as the
TACACS+ server because the FWSM prompt does not give any indication which method is being used.
To Next Page
Loading...
