EasyManua.ls Logo

Cisco Nexus 9000 Series - Page 117

Cisco Nexus 9000 Series
562 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
If you use a console to login to the server, command authorization is disabled. Authorization is available for
both non-console and console sessions. By default, command authorization is disabled for console sessions
even if it is configured for default (non-console) sessions. You must explicitly configure a AAA group for
the console to enable command authorization for console sessions.
Note
By default, context sensitive help and command tab completion show only the commands supported for a
user as defined by the assigned roles. When you enable command authorization, the Cisco NX-OS software
displays all commands in the context sensitive help and in tab completion, regardless of the role assigned to
the user.
Note
Before you begin
Enable TACACS+.
SUMMARY STEPS
1. configure terminal
2. aaa authorization {commands | config-commands} {console | default} {group group-list [local] |
local}
3. (Optional) show tacacs+ {pending | pending-diff}
4. (Optional) tacacs+ commit
5. exit
6. (Optional) show aaa authorization [all]
7. (Optional) copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Configures the command authorization method for specific
roles on a TACACS+ server.
aaa authorization {commands | config-commands}
{console | default} {group group-list [local] | local}
Step 2
Example:
The commands keyword configures authorization sources
for all EXEC commands, and the config-commands
switch(config)# aaa authorization commands
default group TacGroup
keyword configures authorization sources for all
configuration commands.
Per command authorization will disable RBAC for
all
users. Proceed (y/n)?
The console keyword configures command authorization
for a console session, and the default keyword configures
command authorization for a non-console session.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
91
Configuring TACACS+
Configuring Command Authorization on TACACS+ Servers

Table of Contents

Other manuals for Cisco Nexus 9000 Series

Preview: Manual
Manual30 pages
Preview: Troubleshooting Guide
Troubleshooting Guide126 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Quick Start Configuration Guide
Quick Start Configuration Guide6 pages
Preview: Installation
Installation12 pages
Preview: Installing
Installing8 pages

Related product manuals