User Authentication
3-67
3
Authorization Settings
AAA authorization is a feature that verifies a user has access to specific services.
Command Attributes
• Method Name – Specifies an authorization method for service requests.
The “default” method is used for a requested service if no other methods have been
defined. (Range: 1-255 characters)
• Service Request – Specifies the service as Exec (authorization for local console
or Telnet connections).
• Group Name - Specifes the authorization server group. (Range: 1-255 characters)
The group name “tacacs+” specifies all configured TACACS+ hosts (see
“Configuring Local/Remote Logon Authentication” on page 3-53). Any other group
name refers to a server group configured on the TACACS+ Group Settings page.
Authorization is only supported for TACACS+ servers.
Web – Click Security, AAA, Authorization, Settings. To configure a new authorization
method, specify a method name and a group name, select the service, then click
Add.
Figure 3-44 AAA Authorization Settings
CLI – Specify the authorization method required and the server group.
Console#show accounting statistics
Total entries: 3
Acconting type : dot1x
Username : testpc
Interface : eth 1/1
Time elapsed since connected: 00:24:44
Acconting type : exec
Username : admin
Interface : vty 0
Time elapsed since connected: 00:25:09
Console#
Console(config)#aaa authorization exec default group tacacs+ 4-108
Console(config)#