Usage
Information
By default, access to commands are determined by the user’s role (if defined) or by
the user’s privilege level. If the aaa authorization role-only command is
enabled, then only the user’s role is used.
Before you enable role-based only AAA authorization:
1. Locally define a system administrator user role.This will give you access to
login with full permissions even if network connectivity to remote
authentication servers is not available.
2. Configure login authentication on the console. This ensures that all users are
properly identified through authentication no matter the access point
3. Specify an authentication method (RADIUS, TACACS+, or Local).
4. Specify authorization method (RADIUS, TACACS+ or Local).
5. Verify the configuration has been applied to the console or VTY line.
Related
Commands
login authentication, password, radius-server host, tacacs-server host
role
Changes command permissions for roles.
Syntax role mode { { { addrole | deleterole } role-name } | reset } command
To delete access to a command, use the no role mode role-name
Parameters
mode
Enter one of the following keywords as the mode for which
you are controlling access:
configure for CONFIGURATION mode
exec for EXEC mode
interface for INTERFACE modes
line for LINE mode
route-map for Route-map mode
router for Router mode
addrole Enter the keyword addrole to add permission to the
command. You cannot add or delete rights for the sysadmin
role.
deleterole
Enter the keyword deleterole to remove access to the
command. You cannot add or delete rights for the sysadmin
role.
Security
1669