From: Rich Collins (nilsi2002@gmail.com)
Date: Wed Sep 26 2007 - 18:45:20 ART

Actually I was trying to focus on the aaa authorization part.
I tried adding this:

aaa authorization commands 15 default group tacacs+

I could still log in but (without a tacacs server) could not run commands
like "show run".
So I guess the default would be local but on the test one should
specifically enter configurations instead of relying on default behavior.

On 9/26/07, raul raul <juvenn@hotmail.com> wrote:
>
>
> eg.
>
> aaa new-model
> aaa authen login no_auth none
>
> line console 0
> login authen no_auth
>
>
> > Date: Wed, 26 Sep 2007 11:50:04 -0400
> > From: nilsi2002@gmail.com
> > To: ccielab@groupstudy.com
> > Subject: aaa authorization
> >
> > I was looking through an old lab exercise.
> >
> > Exercise
> > aaa
> > create username admin, privilege 15, password cisco
> >
> > when username admin telnets to switch, ensure he is authenticated
> > at the user level and enable level
> >
> > also ensure that if user tries to enter any command then they are
> > authorized locally.
> >
> > This seems to work:
> >
> > aaa new-model
> > !
> > !
> > aaa authentication login default local
> > aaa authorization exec default local
> >
> > !
> > username admin privilege 15 password 0 cisco
> >
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> > However the answer includes:
> > Aaa authorization commands 0 default local
> > Aaa authorization commands 1 default local
> > Aaa authorization commands 15 default local
> >
> >
> > It seems to work without or does the "authorization commands" default to
> > local if you don't specify anything?
> >
> > Rich
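
An added example, not part of the original thread: a small Python check that reads an IOS configuration and reports, for privilege levels 0, 1 and 15, whether the default command-authorization list is missing, lists only server groups (the state in which "show run" was refused above without a reachable TACACS+ server), or includes a non-server method. The sample configurations are constructed from the lines quoted in the thread, the function names are hypothetical, and only the "default" list is examined.

```python
import re

# Constructed sample configurations modelled on the lines quoted in the thread.
TACACS_ONLY = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization commands 15 default group tacacs+
"""
EXPLICIT_LOCAL = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization commands 0 default local
aaa authorization commands 1 default local
aaa authorization commands 15 default local
"""
CMD_AUTHZ = re.compile(r"^\s*aaa authorization commands (\d+) (\S+) (.+?)\s*$", re.I | re.M)

def split_methods(text):
    """Split a method list, keeping 'group <name>' together as one method."""
    tokens, methods, i = text.lower().split(), [], 0
    while i < len(tokens):
        step = 2 if tokens[i] == "group" and i + 1 < len(tokens) else 1
        methods.append(" ".join(tokens[i:i + step]))
        i += step
    return methods

def audit_command_authorization(config, levels=(0, 1, 15)):
    """Report the state of the default command-authorization list per level."""
    found = {}
    for level, list_name, methods in CMD_AUTHZ.findall(config):
        if list_name.lower() == "default":
            found[int(level)] = split_methods(methods)
    report = {}
    for level in levels:
        methods = found.get(level)
        if methods is None:
            report[level] = "not configured"
        elif all(m.startswith("group ") for m in methods):
            # Only server groups listed: nothing left to try when they are unreachable.
            report[level] = "server-only: " + ", ".join(methods)
        else:
            report[level] = "has non-server method: " + ", ".join(methods)
    return report

if __name__ == "__main__":
    print(audit_command_authorization(TACACS_ONLY))
    print(audit_command_authorization(EXPLICIT_LOCAL))
```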