PurposeCommand or Action
(Optional)
Displays whether the switch is configured to log successful
authentication messages to the syslog server.
show login on-successful log
Example:
switch(config)# show login
on-successful log
Step 5
(Optional)
Copies the running configuration to the startup configuration.
copy running-config startup-config
Example:
switch(config)# copy
running-config startup-config
Step 6
Configuring AAA Command Authorization
When a TACACS+ server authorization method is configured, you can authorize every command that a user
executes with the TACACS+ server which includes all EXEC mode commands and all configuration mode
commands.
The authorization methods include the following:
• Group—TACACS+ server group
• Local—Local role-based authorization
• None—No authorization is performed
The default method is Local.
There is no authorization on the console session.Note
Before You Begin
You must enable TACACS+ before configuring AAA command authorization.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
switch# configure terminal
switch(config)#
Step 1
Configures authorization parameters.aaa authorization {commands |
config-commands} {default} {{[group
Step 2
Use the commands keyword to authorize EXEC
mode commandes.
group-name] | [ local]} | {[group group-name] |
[ none]}}
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
16
Configuring AAA
Configuring AAA Command Authorization
To Next Page
Loading...
