Configuration Guide Configuring AAA
method: Specifies authentication methods from local, none, and group. A method list contains up to four
methods.
local: Indicates that the local user database is used for EXEC authorization.
none: Indicates that EXEC authorization is not performed.
group: Indicates that a server group is used for EXEC authorization. Currently, the RADIUS and TACACS+
server groups are supported.
Global configuration mode
The RGOS supports authorization of the users who log in to the CLI of the NAS to assign the users CLI
operation permission levels (0 to 15). Currently, EXEC authorization is performed only on the users who
have passed login authentication. If a user fails in EXEC authorization, the user cannot enter the CLI.
After you configure EXEC authorization methods, apply the methods to the VTY lines that require EXEC
authorization; otherwise, the methods will not take effect.
 Defining a Method List of Command Authorization
aaa authorization commands level { default | list-name } method1 [ method2...]
default: With this parameter used, the configured method list will be defaulted.
list-name: Indicates the name of a command authorization method list in characters.
method: Indicates authentication methods from none and group. A method list contains up to four methods.
none: Indicates that command authorization is not performed.
group: Indicates that a server group is used for command authorization. Currently, the TACACS+ server
group is supported.
Global configuration mode
The RGOS supports authorization of the commands executable by users. When a user enters a command,
AAA sends the command to the security server. If the security server permits the execution, the command is
executed. If the security server forbids the execution, the command is not executed and a message is
displayed showing that the execution is rejected.
When you configure command authorization, specify the command level, which is used as the default level.
(For example, if a command above Level 14 is visible to users, the default level of the command is 14.)
After you configure command authorization methods, apply the methods to the VTY lines that require
command authorization; otherwise, the methods will not take effect.
 Configuring a Method List of Network Authorization
aaa authorization network { default | list-name } method1 [ method2...]
default: With this parameter used, the configured method list will be defaulted.
list-name: Indicates the name of a network authorization method list in characters.
method: Indicates authentication methods from none and group. A method list contains up to four methods.
none: Indicates that authentication is not performed.
group: Indicates that a server group is used for network authorization. Currently, the RADIUS and
To Next Page
Loading...
Need help?
General
