DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Configures the default AAA authorization method for the
TACACS+ servers.
aaa authorization ssh-certificate default {group
group-list [none] | local | none}
Step 2
Example:
The ssh-certificate keyword configures TACACS+ or local
authorization with certificate authentication. The default
switch(config)# aaa authorization ssh-certificate
default group TACACSServer1 TACACSServer2
authorization is local authorization, which is the list of
authorized commands for the user’s assigned role.
The group-list argument consists of a space-delimited list
of TACACS+ server group names. Servers belonging to
this group are contacted for AAA authorization. The local
method uses the local database for authorization, and the
none method specifies that no AAA authorization be used.
Exits global configuration mode.exit
Example:
Step 3
switch(config)# exit
switch#
Displays the AAA authorization configuration. The all
keyword displays the default values.
(Optional) show aaa authorization [all]
Example:
Step 4
switch# show aaa authorization
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 5
switch# copy running-config
startup-config
Related Topics
Enabling TACACS+ , on page 73
Configuring Command Authorization on TACACS+ Servers
You can configure authorization for commands on TACACS+ servers.
Command authorization disables user role-based authorization control (RBAC), including the default roles.
Caution
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
90
Configuring TACACS+
Configuring Command Authorization on TACACS+ Servers
To Next Page
Loading...
