cc/td/doc/product/software/ios120/12supdoc/12cmdsum
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Authorization Commands

Authorization Commands

This chapter describes the function and displays the syntax for authorization commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Security Command Reference.

aaa authorization

Use the aaa authorization global configuration command to set parameters that restrict a user's network access. Use the no form of this command to disable authorization for a function.

aaa authorization {network | exec | commands level | reverse-access} {default | list-name} [method1 [method2...] ]
no aaa authorization {network | exec | commands level | reverse-access}

network

Runs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA.

exec

Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.

commands

Runs authorization for all commands at the specified privilege level.

level

Specific command level that should be authorized. Valid entries are
0 through 15.

reverse-access

Runs authorization for reverse access connections, such as reverse Telnet.

default

Uses the listed authorization methods that follow this argument as the default list of methods for authorization.

list-name

Character string used to name the list of authorization methods.

method1 [method2...]

One of the methods.


aaa authorization config-commands

To disable AAA configuration command authorization in the EXEC mode, use the no form of the aaa authorization config-commands global configuration command. Use the standard form of this command to reestablish the default created when the aaa authorization commands level method1 command was issued.

aaa authorization config-commands
no aaa authorization config-commands

aaa authorization reverse-access

To configure a network access server to request authorization information from a security server before allowing a user to establish a reverse Telnet session, use the aaa authorization reverse-access global configuration command. Use the no form of this command to restore the default value for this command.

aaa authorization reverse-access {radius | tacacs+}
no aaa authorization reverse-access {radius | tacacs+}

radius

Specifies that the network access server will request authorization from a RADIUS security server before allowing a user to establish a reverse Telnet session.

tacacs+

Specifies that the network access server will request authorization from a TACACS+ security server before allowing a user to establish a reverse Telnet session.


aaa new-model

To enable the AAA access control model, use the aaa new-model global configuration command. Use the no form of this command to disable the AAA access control model.

aaa new-model
no aaa new-model

authorization

To enable AAA authorization for a specific line or group of lines, use the authorization line configuration command. Use the no form of this command to disable authorization.

authorization {arap | commands level | exec | reverse-access} [default | list-name]
no authorization {arap | commands level | exec | reverse-access} [default | list-name]

arap

Enables authorization for line(s) configured for AppleTalk Remote Access (ARA) protocol.

commands

Enables authorization on the selected line(s) for all commands at the specified privilege level.

level

Specific command level to be authorized. Valid entries are 0 through  15.

exec

Enables authorization to determine if the user is allowed to run an EXEC shell on the selected line(s).

reverse-access

Enables authorization to determine if the user is allowed reverse access privileges.

default

(Optional) The name of the default method list, created with the aaa authorization command.

list-name

(Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command.


ppp authorization

To enable AAA authorization on the selected interface, use the ppp authorization interface configuration command. Use the no form of this command to disable authorization.

ppp authorization [default | list-name]
no ppp authorization

default

(Optional) The name of the method list is created with the aaa authorization command.

list-name

(Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command.



hometocprevnextglossaryfeedbacksearchhelp
Posted: Mon Feb 8 13:36:39 PST 1999
Copyright 1989-1999©Cisco Systems Inc.