aaa new-model
■ Use to specify AAA new model as the authentication method for the vty lines on
your router.
■ If you specify AAA new model and you do not create an authentication list, users
will not be able to access the router through a vty line.
■ Example
host1(config)#aaa new-model
■ Use the no version to restore simple authentication.
■ See aaa new-model.
authorization
■ Use to apply AAA authorization to a specific vty line or group of lines.
■ Use the exec keyword to apply this authorization to CLI access in general.
■ Use the commands keyword to apply this authorization to user commands of
the privilege level you specify.
■ You can specify the name of an authorization method list; if no method list is
specified, the default is used.
■ After you enable the aaa authorization command and define a named
authorization method list (or use the default method list) for a particular type of
authorization, you must apply the defined list to the appropriate lines for
authorization to take place.
■ Example
host1(config)#line vty 6
host1(line-config)#authorization commands 15 sonny
■ Use the no version to disable authorization.
■ See authorization.
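The two lockout and no-effect conditions described above (AAA new model with no authentication list, and an authorization list that is defined but not applied to a line, or applied but not defined) can be checked offline against a saved configuration. The following is an added example, not part of the original guide: the `audit` function and the sample configuration are constructed for illustration, and the global `aaa authentication login` and `aaa authorization` list-definition syntax it parses is an assumption, since only the line-mode commands appear on this page.

```python
import re

# Constructed sample configuration (not from the guide). The global
# list-definition lines use an assumed syntax; "tacacs+" is a sample method.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization commands 15 sonny tacacs+
line vty 6
 authorization commands 15 sonny
line vty 7 10
 authorization exec ops
"""

def audit(config):
    """Return findings for vty AAA settings that lock users out or do nothing."""
    new_model = False
    auth_lists, authz_lists, applied = set(), set(), []
    current = None  # vty range whose line-mode commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if line == "aaa new-model":
            new_model = True
        elif m := re.match(r"aaa authentication login (\S+)", line):
            auth_lists.add(m.group(1))
        elif m := re.match(r"aaa authorization (exec|commands \d+) (\S+)", line):
            authz_lists.add((m.group(1), m.group(2)))
        elif m := re.match(r"line vty (\d+)(?: (\d+))?$", line):
            current = (int(m.group(1)), int(m.group(2) or m.group(1)))
        elif current and (m := re.match(
                r"authorization (exec|commands \d+)(?: (\S+))?$", line)):
            # No list name on the line means the default list is used.
            applied.append((current, m.group(1), m.group(2) or "default"))
    findings = []
    if new_model and not auth_lists:
        findings.append("aaa new-model without an authentication list: "
                        "vty access is locked out")
    for (lo, hi), kind, name in applied:
        # Only named lists are checked; the default list is not assumed missing.
        if name != "default" and (kind, name) not in authz_lists:
            findings.append(f"vty {lo}-{hi}: authorization {kind} "
                            f"list '{name}' is not defined")
    for kind, name in sorted(authz_lists - {(k, n) for _, k, n in applied}):
        findings.append(f"authorization {kind} list '{name}' is defined "
                        "but applied to no vty line")
    return findings
```

Run `audit()` on a configuration before committing changes made over a vty session, so that a missing authentication list is caught while console access is still available.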
line
■ Use to specify the virtual terminal lines.
■ You can set a single line or a range of lines. The range is 0–29.
■ Example
host1(config)#line vty 6 10
■ Use the no version to remove a vty line or a range of lines from your
configuration; users will not be able to run Telnet, SSH, or FTP to lines that you
remove. When you remove a vty line, the system removes all lines above that
line. For example, no line vty 6 causes the system to remove lines 6 through
29. You cannot remove lines 0 through 4.
■ See line.
Vty Line Authentication and Authorization ■ 433
Chapter 7: Passwords and Security