Configuration Guide AAA Configuration
authorization exec {default | list-name}
Return to the privileged mode.
Confirm the configuration.
Using Radius for exec authorization
To configure the use of RADIUS server for Exec authorization, it is required to first configure
the RADIUS server. For the details of the RADIUS server configuration, see Configuring
RADIUS.
After configuring the RADIUS server, the RADIUS server-based method list can be configured.
Run the following commands in the global configuration mode:
Enter the global configuration mode.
aaa authentication enable {default |
list-name} group radius
Define RADIUS authentication method.
Return to the privileged mode.
Confirm the configured method list.
Enter the global configuration mode.
Enter the line configuration mode.
authorization exec {default | list-name}
Return to the privileged mode.
Confirm the configuration.
Example of Configuring Exec Authorization
The example below illustrates how to configure exec authorization. The local login
authentication and the “Radius+local” exec authorization are used when the user on the vty
line 0-4 loggs in. The access server uses the Radius server with IP address 192.168.217.64
and shared keyword test. The local username and password are Ruijie, and the privilege level
is 6.
Ruijie# configure terminal
Ruijie(config)# aaa new-model
Ruijie(config)# radius-server host 192.168.217.64
Ruijie(config)# radius-server key test
Ruijie(config)# username Ruijie password Ruijie
Ruijie(config)# username Ruijie privilege 6
Ruijie(config)# aaa authentication login mlist1 local
Ruijie(config)# aaa authentication exec mlist2 group radius local
Ruijie(config)# line vty 0 4
To Next Page
Loading...
