Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 39 Configuring the Switch Access Using AAA
• squeeze
• switch
• undelete
The following TACACS+ authorization process occurs for every command that you enter:
• If you have disabled the command authorization feature, the TACACS+ server will allow you to
execute any command on the switch.
• If you have enabled authorization for configuration commands only, the switch will verify that the
argument string matches one of the commands listed in this section. If there is no match, the switch
completes the command. If there is a match, the switch forwards the command to the NAS for
authorization.
• If you have enabled authorization for all commands, the switch forwards the command to the NAS
for authorization.
RADIUS Authorization
RADIUS has limited authorization. There is one attribute, Service-Type, in the authentication protocol
that provides authorization information. This attribute is part of the user profile.
When you log in using RADIUS authentication and you do not have Administrative/Shell (6)
Service-Type access, the network access server (NAS) authenticates you and logs you in to the EXEC
mode. If you have Administrative/Shell (6) Service-Type access, the NAS authenticates you and logs you
in to the privileged mode.
Configuring Authorization on the Switch
These sections describe how to configure authorization:
• TACACS+ Authorization Default Configuration, page 39-46
• TACACS+ Authorization Configuration Guidelines, page 39-47
• Configuring TACACS+ Authorization, page 39-47
• Configuring RADIUS Authorization, page 39-50
TACACS+ Authorization Default Configuration
Table 39-3 shows the TACACS+ default authorization configuration.
Table 39-3 Default Authorization Configuration
Feature                                                 Default Value
TACACS+ login authorization (console and Telnet)        Disabled
TACACS+ EXEC authorization (console and Telnet)         Disabled
TACACS+ enable authorization (console and Telnet)       Disabled
TACACS+ commands authorization (console and Telnet)     Disabled