
Configuring Authorization
Cisco AS5300 Universal Access Server Software Configuration Guide
Specifying the Authorization Method
Authorization methods are defined as optional keywords in the aaa authorization command. You
can specify any of the authorization methods listed in Table 4-8 for both network and EXEC
authorization.
Table 4-8 AAA Authorization Method
Specifying Authorization Parameters on a TACACS+ Server
When you configure authorization, you must ensure that the parameters established on the access
server correspond with those set on the TACACS+ server.
Authorization Examples
The following example uses a TACACS+ server to authorize the use of network services, including
PPP and ARA. If the TACACS+ server is not available or has no information about a user, no
authorization is performed and the user can use all network services:
5300(config)# aaa authorization network tacacs+ none
The following example permits the user to run the EXEC process if the user is already authenticated.
If the user is not already authenticated, the Cisco IOS software defers to a RADIUS server for
authorization information:
5300(config)# aaa authorization exec if-authenticated radius
The following example configures network authorization. If the TACACS+ server does not respond
or has no information about the username being authorized, the RADIUS server is polled for
authorization information for the user. If the RADIUS server does not respond, the user can still
access all network resources without authorization requirements:
5300(config)# aaa authorization network tacacs+ radius none
Method            Description
if-authenticated  User is authorized if already authenticated.
none              Authorization always succeeds.
local             Uses the local database for authorization. The local database is
                  created using the username privilege command to assign users to a
                  privilege level from 0 to 15 and the privilege level command to
                  assign commands to these different levels.
radius            Uses RADIUS authorization as defined on a RADIUS server.
tacacs+           Uses TACACS+ authorization as defined on a TACACS+ server.
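
The fallback order in the examples above decides whether a user is still authorized when no server answers. The following Python audit is an added example, not part of the Cisco guide: it parses aaa authorization lines in the form shown on this page, flags method lists that contain none, and walks a list to show which method decides. The decide() model and its deny result for an exhausted list are assumptions.

```python
import re

# Methods listed in Table 4-8 of this page.
METHODS = {"if-authenticated", "none", "local", "radius", "tacacs+"}
LINE = re.compile(r"aaa authorization (network|exec) (.+)$")

# The three example commands from this page, prompt included.
SAMPLE = """\
5300(config)# aaa authorization network tacacs+ none
5300(config)# aaa authorization exec if-authenticated radius
5300(config)# aaa authorization network tacacs+ radius none
"""

def parse(config_text):
    """Return [(service, [methods])] for each aaa authorization line."""
    lists = []
    for raw in config_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue
        methods = m.group(2).split()
        unknown = [x for x in methods if x not in METHODS]
        if unknown:
            raise ValueError(f"unknown method(s) {unknown} in: {raw.strip()}")
        lists.append((m.group(1), methods))
    return lists

def decide(methods, answers, authenticated=False):
    """Walk the list in order (assumed model of the fallback described above).
    answers maps a method to 'permit' or 'deny'; a method absent from answers
    did not respond or had no information about the user."""
    for method in methods:
        if method == "none":
            return ("permit", method)      # authorization always succeeds
        if method == "if-authenticated":
            if authenticated:
                return ("permit", method)
        elif method in answers:
            return (answers[method], method)
    return ("deny", None)  # assumption: an exhausted list authorizes nothing

def audit(config_text):
    """Flag lists that fail open and methods that can never be reached."""
    findings = []
    for service, methods in parse(config_text):
        if "none" in methods:
            dead = methods[methods.index("none") + 1:]
            findings.append((service, " ".join(methods), "fail-open", dead))
    return findings
```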