aaa authorization

From: Rich Collins (nilsi2002@gmail.com)
Date: Wed Sep 26 2007 - 12:50:04 ART

• Next message: Joseph Brunner: "RE: BGP ORF again"
• Previous message: Cecil Wilson: "Difference between N1 and N2 routes"
• Next in thread: Rich Collins: "Re: aaa authorization"
• Maybe reply: Rich Collins: "Re: aaa authorization"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I was looking through an old lab exercise.

Exercise
aaa
create username admin, privilege 15, password cisco

when username admin telnets to switch, ensure he is authenticated
at the user level and enable level

also ensure that if user tries to enter any command then they are
authorized locally.

This seems to work:

aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local

!
username admin privilege 15 password 0 cisco

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
However the answer includes:
Aaa authorization commands 0 default local
Aaa authorization commands 1 default local
Aaa authorization commands 15 default local

It seems to work without or does the "authorization commands" default to
local if you don't specify anything?

Rich

• Next message: Joseph Brunner: "RE: BGP ORF again"
• Previous message: Cecil Wilson: "Difference between N1 and N2 routes"
• Next in thread: Rich Collins: "Re: aaa authorization"
• Maybe reply: Rich Collins: "Re: aaa authorization"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART