Cisco Nexus 5500 Series - Aaa Authorization Ssh-Certificate

Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter A Commands
aaa authorization ssh-certificate
To configure the default authentication, authorization, and accounting (AAA) authorization method for
TACACS+ servers, use the aaa authorization ssh-certificate command. To disable this configuration,
use the no form of this command.
aaa authorization ssh-certificate default {group group-list | local}
no aaa authorization ssh-certificate default {group group-list | local}
Syntax Description
group        Specifies to use a server group for authorization.
group-list   Space-separated list of server groups. The list can include the following:
             - tacacs+ for all configured TACACS+ servers.
             - Any configured TACACS+ server group name. The server group name can be
               a maximum of 127 characters.
local        Specifies to use the local database for authentication.

Command Default
local

Command Modes
Global configuration mode

Command History
Release       Modification
5.2(1)N1(1)   This command was introduced.

Usage Guidelines
To use this command, you must enable the TACACS+ feature using the feature tacacs+ command.
The group tacacs+ and group group-list methods refer to a set of previously defined TACACS+ and
LDAP servers. Use the tacacs-server host command to configure the host servers. Use the aaa group
server command to create a named group of servers. Use the show aaa groups command to display the
server groups on the device.
If you specify more than one server group, the Cisco NX-OS software checks each group in the order
that you specify in the list. The local method is used only if all the configured server groups fail to
respond and you have configured local as the fallback method.
If you specify the group method or local method and it fails, the authorization can fail. If you have not
configured a fallback method after the TACACS+ or LDAP server group method, authorization fails if
all server groups fail to respond.
This command does not require a license.

Examples
This example shows how to configure the local database with certificate authentication as the default
AAA authorization method:
switch# configure terminal
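
The following session is an added illustration, not part of the Cisco reference. It walks through the prerequisites named in the usage guidelines and contrasts a method list without a fallback against one that ends in local. The server addresses (192.0.2.x documentation range), the shared-secret placeholder and the group name TacGroup1 are assumptions.

```text
! Constructed example: addresses, key and group name are placeholders.
switch# configure terminal
switch(config)# feature tacacs+
switch(config)# tacacs-server host 192.0.2.10 key <shared-secret>
switch(config)# tacacs-server host 192.0.2.11 key <shared-secret>
switch(config)# aaa group server tacacs+ TacGroup1
switch(config-tacacs+)# server 192.0.2.10
switch(config-tacacs+)# server 192.0.2.11
switch(config-tacacs+)# exit

! Alternative 1, no fallback: if no server in TacGroup1 responds,
! SSH certificate authorization fails.
switch(config)# aaa authorization ssh-certificate default group TacGroup1

! Alternative 2, local fallback: TacGroup1 is checked first; the local
! database is used only if every listed server group fails to respond.
switch(config)# aaa authorization ssh-certificate default group TacGroup1 local
switch(config)# exit

! Confirm that the server group is defined on the device.
switch# show aaa groups
```

Entering the second form replaces the first. Which one is appropriate depends on whether a TACACS+ outage should block SSH certificate authorization or fall back to the local database.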
