CLI Guide
To return to the default setting, use the no aaa authentication role-only command.
Parameters
name
Enter a text string for the name of the user up to 63 characters. It cannot be one of the
system dened roles (sysadmin, secadmin, netadmin, netoperator).
inherit existing-role-
name
Enter the inherit keyword then specify the system dened role to inherit permissions
from (sysadmin, secadmin, netadmin, netoperator).
Defaults none
Command Modes CONFIGURATION
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.7(0.0) Introduced on the S6000-ON.
9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, and MXL.
Usage Information
By default, access to commands are determined by the user’s role (if dened) or by the user’s privilege level. If the
aaa authorization role-only command is enabled, then only the user’s role is used.
Before you enable role-based only AAA authorization:
1 Locally dene a system administrator user role.This will give you access to login with full permissions even if
network connectivity to remote authentication servers is not available.
2 Congure login authentication on the console. This ensures that all users are properly identied through
authentication no matter the access point
3 Specify an authentication method (RADIUS, TACACS+, or Local).
4 Specify authorization method (RADIUS, TACACS+ or Local).
5 Verify the conguration has been applied to the console or VTY line.
Related Commands login authentication, password, radius-server host, tacacs-server host
aaa authorization cong-commands
Set parameters that restrict (or permit) a user’s access to EXEC level commands.
Syntax
aaa authorization config-commands
Disable authorization checking for CONFIGURATION level commands using the no aaa authorization
config-commands command.
Defaults Enabled when you congure aaa authorization commands command.
Command Modes CONFIGURATION
Supported Modes All Modes.
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
Security 1133