Configuration Guide Configuring AAA
TACACS+ server groups are supported.
Global configuration mode
The RGOS supports authorization of network-related service requests such as PPP and SLIP requests.
After authorization is configured, all authenticated users or interfaces are authorized automatically.
You can configure three different authorization methods. The next authorization method is executed only
when the current method does not receive a response. If authorization fails using a method, the next method
will not be tried.
RADIUS or TACACS+ servers return a series of AV pairs to authorize authenticated users. Network
authorization is based on authentication. Only authenticated users can perform network authorization.
• Enabling Authorization for Commands in Configuration Modes (Including the Global Configuration Mode and Sub-Modes)
aaa authorization config-commands
Global configuration mode
If you need to enable authorization for commands only in non-configuration modes (for example, privileged
EXEC mode), disable authorization in configuration modes by using the no form of this command. Then
users can run commands in configuration mode and sub-modes without authorization.
• Enabling Authorization for the Console to Run Commands
aaa authorization console
Global configuration mode
The RGOS can differentiate between the users who log in through the Console and the users who log in
through other types of clients. You can enable or disable command authorization for the users who log in
through the Console. If command authorization is disabled for these users, the command authorization
method list applied to the Console line no longer takes effect.
Configuration Example
• Configuring AAA EXEC Authorization
Configure login authentication and EXEC authorization for users on VTY lines 0 to 4. Login authentication is performed in
local mode, and EXEC authorization is performed on a RADIUS server. If the RADIUS server does not respond, local
authorization is used instead.
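The fallback rule stated in the usage guide (the next method runs only when the current one gives no response) applies to this RADIUS-then-local list as modelled below. This is an added example, not code from the guide or from RGOS; the names `Reply`, `authorize`, `METHODS` and `SCENARIOS` are hypothetical, the replies are constructed, and denying the request when every method is silent is an assumption the page does not state.

```python
from enum import Enum


class Reply(Enum):
    PASS = "pass"         # the method answered and authorized the request
    FAIL = "fail"         # the method answered and refused the request
    NO_RESPONSE = "none"  # no answer at all (server unreachable or timed out)


def authorize(method_list, replies):
    """Walk an authorization method list in order.

    method_list: ordered method names, e.g. ["radius", "local"].
    replies:     dict of method name -> Reply (constructed input).
    Returns (authorized, deciding_method, methods_tried).
    """
    tried = []
    for method in method_list:
        tried.append(method)
        reply = replies[method]
        if reply is Reply.NO_RESPONSE:
            continue  # only silence moves on to the next method
        # Any answer is final: a FAIL is never retried on a later method.
        return reply is Reply.PASS, method, tried
    # Assumption (not stated on the page): all methods silent means denied.
    return False, None, tried


# Constructed scenarios for the VTY example: RADIUS first, then local.
METHODS = ["radius", "local"]
SCENARIOS = {
    "radius authorizes": {"radius": Reply.PASS, "local": Reply.FAIL},
    "radius refuses": {"radius": Reply.FAIL, "local": Reply.PASS},
    "radius silent": {"radius": Reply.NO_RESPONSE, "local": Reply.PASS},
    "both silent": {"radius": Reply.NO_RESPONSE, "local": Reply.NO_RESPONSE},
}

if __name__ == "__main__":
    for name, replies in SCENARIOS.items():
        ok, decided_by, tried = authorize(METHODS, replies)
        verdict = "authorized" if ok else "denied"
        print(f"{name:18} -> {verdict:10} decided by {decided_by}, tried {tried}")
```

The "radius refuses" case shows that local authorization is not a second chance after a refusal; it is consulted only when the RADIUS server is unreachable, so the local settings define what users get during an outage.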