This chapter explains the function and syntax of the authorization commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Cisco IOS Security Command Reference, Release 12.1.
Syntax Description
| Keyword | Description |
|---|---|
| network | Runs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA. |
| exec | Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information. |
| commands | Runs authorization for all commands at the specified privilege level. |
| level | Specific command level that should be authorized. Valid entries are 0 through 15. |
| reverse-access | Runs authorization for reverse access connections, such as reverse Telnet. |
| default | Uses the listed authorization methods that follow this argument as the default list of methods for authorization. |
| list-name | Character string used to name the list of authorization methods. |
| method1 [method2...] | One of the keywords listed in Table 38. |
Table 38 describes method keywords.
| Keyword | Description |
|---|---|
| group radius | Uses the list of all RADIUS servers for authentication. |
| group tacacs+ | Uses the list of all TACACS+ servers for authentication. |
| group group-name | Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command. |
| if-authenticated | Allows the user to access the requested function if the user is authenticated. |
| none | No authorization is performed. |
| local | Uses the local database for authorization. |
| krb5-instance | Uses the instance defined by the kerberos instance map command. |
Syntax Description
This command has no arguments or keywords.
Syntax Description
| Keyword | Description |
|---|---|
| group radius | Specifies that the network access server will request authorization from a RADIUS security server before allowing a user to establish a reverse Telnet session. |
| group tacacs+ | Specifies that the network access server will request authorization from a TACACS+ security server before allowing a user to establish a reverse Telnet session. |
Syntax Description
| Keyword | Description |
|---|---|
| arap | Enables authorization for line(s) configured for AppleTalk Remote Access (ARA) protocol. |
| commands | Enables authorization on the selected line(s) for all commands at the specified privilege level. |
| level | Specific command level to be authorized. Valid entries are 0 through 15. |
| exec | Enables authorization to determine if the user is allowed to run an EXEC shell on the selected line(s). |
| reverse-access | Enables authorization to determine if the user is allowed reverse access privileges. |
| default | (Optional) The name of the default method list, created with the aaa authorization command. |
| list-name | (Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command. |
To enable AAA authorization on the selected interface, use the ppp authorization command in interface configuration mode. Use the no form of this command to disable authorization.
ppp authorization [default | list-name]
Syntax Description
| Keyword | Description |
|---|---|
| default | (Optional) The name of the method list is created with the aaa authorization command. |
| list-name | (Optional) Specifies the name of a list of authorization methods to use. If no list name is specified, the system uses the default. The list is created with the aaa authorization command. |
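The following is an added example, not code from Cisco or from this page: a small Python audit that reads a configuration and flags authorization method lists containing `none` (Table 38: no authorization is performed), method keywords that are not in Table 38, and `ppp authorization` references to a list that was never defined. The sample configuration and its list names are constructed, the `aaa authorization` line layout follows the keyword order of the first syntax description, and checking PPP against the `network` lists is an assumption.

```python
import re

# Single-word method keywords from Table 38; "group <name>" is parsed separately.
SIMPLE_METHODS = {"if-authenticated", "none", "local", "krb5-instance"}
AAA_RE = re.compile(r"^aaa authorization (network|exec|commands \d+|reverse-access) (\S+) (.+)$")
PPP_RE = re.compile(r"^ppp authorization(?: (\S+))?$")

# Constructed sample configuration (list names "admins" and "dialin" are made up).
SAMPLE = """\
aaa authorization network default group tacacs+ none
aaa authorization commands 15 admins group tacacs+ local
interface Serial0
 ppp authorization dialin
"""

def parse_methods(text):
    """Split 'group tacacs+ local none' into ['group tacacs+', 'local', 'none']."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        step = 2 if tokens[i] == "group" and i + 1 < len(tokens) else 1
        methods.append(" ".join(tokens[i:i + step]))
        i += step
    return methods

def audit(config):
    """Return sorted (line_number, finding) tuples; a bare 'ppp authorization' means 'default'."""
    findings, network_lists, ppp_uses = [], set(), []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        ppp = PPP_RE.match(line)
        if ppp:
            ppp_uses.append((n, ppp.group(1) or "default"))
            continue
        aaa = AAA_RE.match(line)
        if not aaa:
            continue
        service, name, methods = aaa.group(1), aaa.group(2), parse_methods(aaa.group(3))
        if service == "network":
            network_lists.add(name)
        for m in methods:
            if not m.startswith("group ") and m not in SIMPLE_METHODS:
                findings.append((n, "unknown method keyword: " + m))
        if "none" in methods:
            findings.append((n, "list '%s' includes none: no authorization is performed" % name))
    # Assumption: ppp authorization draws on the 'network' lists (PPP is a network service).
    for n, name in ppp_uses:
        if name not in network_lists:
            findings.append((n, "ppp authorization uses undefined network list: " + name))
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports the `none` method on line 1 and the undefined `dialin` list on line 4.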
Posted: Wed Jul 26 16:11:46 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.