Reference Guide

252 AAA Commands
The following default Authorization Methods List is present by default:
Command Mode
Global Config mode
User Guidelines
A maximum of five authorization method lists may be created for command
types.
Command authorization attempts authorization for all EXEC mode
commands associated with a privilege level, including global configuration
commands. Exec authorization attempts authorization when a user attempts
to enter Privileged EXEC mode.
If multiple authorization methods are listed, the switch will attempt
communication with each method in order, until successful communication
is established or all methods in the list have been tried. If authorization fails,
then the command is denied and no further attempts at authorization are
made for the user request.
The various utility commands like tftp, ping, outbound telnet also must pass
command authorization. Applying a script is treated as a single command,
apply script, which also must pass authorization. Startup-config commands
applied on device boot-up are not subject to the authorization process.
Default List Name    Description             Authorization Method
dfltCmdAuthList      Default Command List    None
dfltExecAuthList     Default EXEC list       None
Method    Notes
Local     The local method is not supported for authorization. This
          method is equivalent to selecting the none method.
TACACS    Only TACACS is supported for command authorization.
None      Selecting the none method authorizes all commands.
Radius    The radius method is only valid for EXEC authorization.
          Command authorization with RADIUS will work if and only if
          the applied authentication method is also radius.
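
The following is an added example, not part of the guide or the switch software: a Python model of the method-list evaluation described in the User Guidelines and the method notes above. It shows that a deny from a reachable method is final, while a method that cannot be reached falls through to the next one, so a list ending in none or local authorizes all commands during a server outage. The method names as strings, the responses map and the deny result for an exhausted list are assumptions.

```python
from enum import Enum


class Result(Enum):
    PERMIT = "permit"
    DENY = "deny"
    UNREACHABLE = "unreachable"  # no communication with the method


def evaluate(method_list, responses):
    """Walk an authorization method list in order.

    responses maps a server-backed method name ("tacacs", "radius") to the
    Result it returns; this is constructed input, not switch output.
    Returns (result, method_that_decided).
    """
    for method in method_list:
        # Method notes: none authorizes everything, local behaves like none.
        if method in ("none", "local"):
            return Result.PERMIT, method
        result = responses.get(method, Result.UNREACHABLE)
        if result is Result.UNREACHABLE:
            continue  # communication failed: try the next method
        return result, method  # a permit or deny answer is final
    # Assumption: when no method could be reached the request is denied.
    return Result.DENY, None


def fails_open(method_list):
    """True if an outage of every server-backed method ends in permit-all."""
    result, _ = evaluate(method_list, {})
    return result is Result.PERMIT


if __name__ == "__main__":
    # Constructed method lists for a configuration review.
    for candidate in (["tacacs"], ["tacacs", "none"], ["tacacs", "local"], ["none"]):
        print(candidate, "fails open" if fails_open(candidate) else "fails closed")
```
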