Authorization Commands

This chapter describes the function and displays the syntax for authorization commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Security Command Reference.

aaa authorization

Use the aaa authorization global configuration command to set parameters that restrict a user's network access. Use the no form of this command to disable authorization for a function.

network	Runs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA.
exec	Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.
commands	Runs authorization for all commands at the specified privilege level.
level	Specific command level that should be authorized. Valid entries are 0 through 15.
reverse-access	Runs authorization for reverse access connections, such as reverse Telnet.
default	Uses the listed authorization methods that follow this argument as the default list of methods for authorization.
list-name	Character string used to name the list of authorization methods.
method1 [method2...]	One of the methods.

aaa authorization {network | exec | commands level | reverse-access} {default | list-name} [method1 [method2...] ]
no aaa authorization {network | exec | commands level | reverse-access}

network

Runs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA.

exec

Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.

commands

Runs authorization for all commands at the specified privilege level.

level

Specific command level that should be authorized. Valid entries are
0 through 15.

reverse-access

Runs authorization for reverse access connections, such as reverse Telnet.

default

Uses the listed authorization methods that follow this argument as the default list of methods for authorization.

list-name

Character string used to name the list of authorization methods.

method1 [method2...]

One of the methods.

aaa authorization config-commands

To disable AAA configuration command authorization in the EXEC mode, use the no form of the aaa authorization config-commands global configuration command. Use the standard form of this command to reestablish the default created when the aaa authorization commands level method1 command was issued.

aaa authorization config-commands
no aaa authorization config-commands

aaa authorization reverse-access

To configure a network access server to request authorization information from a security server before allowing a user to establish a reverse Telnet session, use the aaa authorization reverse-access global configuration command. Use the no form of this command to restore the default value for this command.

radius	Specifies that the network access server will request authorization from a RADIUS security server before allowing a user to establish a reverse Telnet session.
tacacs+	Specifies that the network access server will request authorization from a TACACS+ security server before allowing a user to establish a reverse Telnet session.

aaa authorization reverse-access {radius | tacacs+}
no aaa authorization reverse-access {radius | tacacs+}

radius

Specifies that the network access server will request authorization from a RADIUS security server before allowing a user to establish a reverse Telnet session.

tacacs+

Specifies that the network access server will request authorization from a TACACS+ security server before allowing a user to establish a reverse Telnet session.

aaa new-model

To enable the AAA access control model, use the aaa new-model global configuration command. Use the no form of this command to disable the AAA access control model.

aaa new-model
no aaa new-model

a uthorization

To enable AAA authorization for a specific line or group of lines, use the authorization line configuration command. Use the no form of this command to disable authorization.

arap	Enables authorization for line(s) configured for AppleTalk Remote Access (ARA) protocol.
commands	Enables authorization on the selected line(s) for all commands at the specified privilege level.
level	Specific command level to be authorized. Valid entries are 0 through 15.
exec	Enables authorization to determine if the user is allowed to run an EXEC shell on the selected line(s).
reverse-access	Enables authorization to determine if the user is allowed reverse access privileges.
default	(Optional) The name of the default method list, created with the aaa authorization command.
list-name	(Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command.

authorization {arap | commands level | exec | reverse-access} [default | list-name]
no authorization {arap | commands level | exec | reverse-access} [default | list-name]

arap

Enables authorization for line(s) configured for AppleTalk Remote Access (ARA) protocol.

commands

Enables authorization on the selected line(s) for all commands at the specified privilege level.

level

Specific command level to be authorized. Valid entries are 0 through 15.

exec

Enables authorization to determine if the user is allowed to run an EXEC shell on the selected line(s).

reverse-access

Enables authorization to determine if the user is allowed reverse access privileges.

default

(Optional) The name of the default method list, created with the aaa authorization command.

list-name

(Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command.

ppp authorization

To enable AAA authorization on the selected interface, use the ppp authorization interface configuration command. Use the no form of this command to disable authorization.

default	(Optional) The name of the method list is created with the aaa authorization command.
list-name	(Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command.

ppp authorization [default | list-name]
no ppp authorization

default

(Optional) The name of the method list is created with the aaa authorization command.

list-name

(Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command.

Table of Contents