Hi local authorization can't be used to achieve "per-command"
authorization. TACACS+ is used for that.
You can achieve exec (privilege) level authorization using local. The
authorization places users in privilege levels hereby giving access to
commands in the level that they are in.
On 5/23/10, estela Mathew <estelamathew_at_gmail.com> wrote:
> Hello friends,
>
> I want to do authorization for a user locallly on the router i dont have a
> TACACS OR RADIUS how i can achieve that.
>
> Suppose if i enable
>
> aaa authorization exec 123 local,
>
> line vty 0 4
> authorization exec 123
>
> Which user will be authorized and what commands fall in *exec* which will be
> authorized???
>
> The same if i do with
>
> aaa authorization commands 6 123 local
>
> aaa authorization config-commands
>
> what i will achieve by the above commands?????????
>
> I have read the AAA user guide but no proper example for verification.
>
> Can anybody help me a good book to clear the concepts of AAA.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Best Regards, Tolulope. Blogs and organic groups at http://www.ccie.netReceived on Sun May 23 2010 - 15:29:56 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART