Re: AAA from Sadiq Yakasai on 2010-05-23 (Ccielab archives 05/2010)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Sun, 23 May 2010 15:40:10 +0100

Or IOW,

You can simply place users at different privilege levels and "assign"
commands to those various levels (you have users on). This way you are
matching a privilege level with associated commands and placing users at
various privilege levels.

This is some form of local authorization for exec too.

Sadiq

On Sun, May 23, 2010 at 3:29 PM, Tolulope Ogunsina <togunsina_at_gmail.com>wrote:

> Hi local authorization can't be used to achieve "per-command"
> authorization. TACACS+ is used for that.
>
> You can achieve exec (privilege) level authorization using local. The
> authorization places users in privilege levels hereby giving access to
> commands in the level that they are in.
>
> On 5/23/10, estela Mathew <estelamathew_at_gmail.com> wrote:
> > Hello friends,
> >
> > I want to do authorization for a user locallly on the router i dont have
> a
> > TACACS OR RADIUS how i can achieve that.
> >
> > Suppose if i enable
> >
> > aaa authorization exec 123 local,
> >
> > line vty 0 4
> > authorization exec 123
> >
> > Which user will be authorized and what commands fall in *exec* which will
> be
> > authorized???
> >
> > The same if i do with
> >
> > aaa authorization commands 6 123 local
> >
> > aaa authorization config-commands
> >
> > what i will achieve by the above commands?????????
> >
> > I have read the AAA user guide but no proper example for verification.
> >
> > Can anybody help me a good book to clear the concepts of AAA.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Best Regards,
>
> Tolulope.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net

Received on Sun May 23 2010 - 15:40:10 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART