Command Line Interface Guide
246 AAA Commands
Default Configuration
Authorization is not enabled by default. Only TACACS is supported for
authorization. Setting a none method for authorization authorizes all
commands.
The following default Authorization Methods List is present by default:
Command Mode
Global Config mode
User Guidelines
A maximum of five authorization method lists may be created for command
types.
Command authorization attempts authorization for all EXEC mode
commands associated with a privilege level, including global configuration
commands. Exec authorization attempts authorization when a user attempts
to enter Privileged EXEC mode.
If multiple authorization methods are listed, the switch will attempt
communication with each method in order, until successful communication
is established or all methods in the list have been tried. If authorization fails,
then the command is denied and no further attempts at authorization are
made for the user request.
The various utility commands like tftp,
ping
, outbound
telnet
also must pass
command authorization. Applying a script is treated as a single command
apply script which also must pass authorization. Startup-config commands
applied on device boot-up are not subject to the authorization process.
Default List Name Description Authorization Method
dfltCmdAuthList Default Command List None
dfltExecAuthList Default EXEC list None
Method Notes
Local The local method is not supported for authorization. This
method is equivalent to selecting the none method.
TACACS Only TACACS is supported for command authorization.
2CSPC4.X8100-SWUM100.book Page 246 Wednesday, August 29, 2012 6:23 PM