Filter
Top Products
AAA Commands 247
User Guidelines
A maximum of five authorization method lists may be created for command
types.
Command authorization attempts authorization for all EXEC mode
commands associated with a privilege level, including global configuration
commands. Exec authorization attempts authorization when a user attempts
to enter Privileged EXEC mode.
If multiple authorization methods are listed, the switch will attempt
communication with each method in order, until successful communication
is established or all methods in the list have been tried. If authorization fails,
then the command is denied and no further attempts at authorization are
made for the user request.
The various utility commands like tftp,
ping
, outbound
telnet
also must pass
command authorization. Applying a script is treated as a single command
apply script which also must pass authorization. Startup-config commands
applied on device boot-up are not subject to the authorization process.
aaa authorization network default radius
Use the aaa authorization network default radius command in Global
Configuration mode to enable the switch to accept VLAN assignment by the
RADIUS server.
Syntax
aaa authorization network default radius
no aaa authorization network default radius
Method Notes
Local The local method is not supported for authorization. This
method is equivalent to selecting the none method.
TACACS Only TACACS is supported for command authorization.
None Selecting the none method authorizes all commands.
Radius The radius method is only valid for EXEC authorization.
Command authorization with RADIUS will work if and only if
the applied authentication method is also radius.
2CSPC4.X8100-SWUM102.book Page 247 Friday, March 15, 2013 8:56 AM