Technical data

7-16 Dial Solutions Quick Configuration Guide
Configuring Authorization
6—If no mandatory match exists, look for an exact attribute-value pair match among the daemon’s optional AV pairs. If found, add the daemon’s matching AV pair to the output.
7—If no exact match exists, locate the first attribute match among the daemon’s optional AV pairs. If found, add the daemon’s matching AV pair to the output.
8—If no match is found, delete the AV pair if the default is deny, or, if the default is permit, add the access server AV pair to the output.
9—After all AV pairs have been processed, for each mandatory daemon AV pair, if there is no attribute match already in the output list, add the AV pair (add only one AV pair for each mandatory attribute).
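The matching steps above, sketched in Python as an added example (not code from this guide or from Cisco). AV pairs are modeled as (attribute, value) tuples, the function names and sample values are constructed, and the mandatory lookup stands in for the earlier steps that are not on this page, so it is an assumption.

```python
# Added illustration of steps 6-9. All names and sample data are constructed.

def first_match(pair, candidates):
    """Return an exact (attribute, value) match, else the first attribute match."""
    if pair in candidates:
        return pair
    return next((c for c in candidates if c[0] == pair[0]), None)


def merge_av_pairs(server_pairs, mandatory, optional, default_permit):
    """Merge the access server's AV pairs with the daemon's AV pair lists.

    The lookup in `mandatory` stands in for the earlier steps of the
    procedure, which are not shown on this page (assumption).
    """
    output = []
    for pair in server_pairs:
        match = first_match(pair, mandatory)      # assumed earlier steps
        if match is None:
            match = first_match(pair, optional)   # steps 6 and 7
        if match is not None:
            output.append(match)                  # the daemon's pair is used
        elif default_permit:
            output.append(pair)                   # step 8, default is permit
        # step 8, default is deny: the access server pair is deleted
    # Step 9: add one AV pair for each mandatory attribute not yet present.
    present = {attribute for attribute, _ in output}
    for attribute, value in mandatory:
        if attribute not in present:
            output.append((attribute, value))
            present.add(attribute)
    return output


# Constructed sample data: what the access server proposes vs. the daemon's lists.
SERVER = [("addr", "10.1.1.5"), ("inacl", "10"), ("route", "10.9.0.0/16")]
MANDATORY = [("inacl", "101"), ("timeout", "30")]
OPTIONAL = [("addr", "10.1.1.5"), ("addr", "10.1.1.9")]

if __name__ == "__main__":
    for permit in (False, True):
        label = "default permit" if permit else "default deny"
        print(label, merge_av_pairs(SERVER, MANDATORY, OPTIONAL, permit))
```

With default deny, the unmatched route pair is dropped and the daemon's inacl value replaces the one the access server proposed; with default permit, the unmatched pair passes through unchanged.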
Configuring Authorization (Network or EXEC) on the Access Server
To specify network authorization, which prevents unauthorized users from
accessing network resources, issue the aaa authorization network command. To restrict users from
logging in to the EXEC facility, issue the aaa authorization exec command. See the following
example:
2511(config)# aaa authorization network
2511(config)# aaa authorization exec
Note: You can also require authorization before a user can issue specific commands by using the
aaa authorization command. For more information, refer to the Security Configuration Guide,
which is part of the Cisco IOS configuration guides and command references documentation.
Specifying the Authorization Method
Authorization methods are defined as optional keywords in the aaa authorization command. You
can specify any of the authorization methods listed in Table 7-7 for both network and EXEC
authorization.
Table 7-7 Authorization Methods
Authorization Method   Purpose
if-authenticated       User is authorized if already authenticated.
local                  Uses the local database for authorization. The local database is
                       created using the username privilege command to assign users to a
                       privilege level from 0 to 15 and the privilege level command to
                       assign commands to these different levels.
none                   Authorization always succeeds.
radius                 Uses RADIUS authorization as defined on a RADIUS server.
tacacs+                Uses TACACS+ authorization as defined on a TACACS+ server.
Specifying Authorization Parameters on a TACACS+ Server
When you configure authorization, you must ensure that the parameters established on the access
server correspond with those set on the TACACS+ server.