Users Guide
Security Commands 934
aaa authorization
Use the aaa authorization command to enable authorization and optionally
create an authorization method list. A list may be identified by a user-
specified list-name or the keyword default.
Use the no form of the command to disable authorization and optionally
delete an authorization list.
Syntax
aaa authorization {commands|exec|network}{default|list-name}
{method1 [method2]}
no aaa authorization {commands|exec|network} {default|list-name}
• exec—
Provides Exec authorization. All methods are supported.
• commands—
Performs authorization of user commands. Only none and
TACACs methods are supported.
• network—
Performs RADIUS authorization. Only the default list is
supported.
• default—
The default list of methods for authorization services
. The list
dfltCmdAuthList is the default list for command authorization and the
list dfltExecAuthList is the default list for Exec authorization.
• list-name—
Character string used to name the list of authorization
methods. The list name can consist of any alphanumeric character up to
20 characters in length. Use quotes around the list name if embedded
blanks are contained in the list name.
• method—The following authorization methods are supported:
– local—Perform local authorization.
– none—Do not perform authorization. All functions are authorized.
– radius—Request authorization from the configured RADIUS servers.
– tacacs—Request authorization from the configured TACACS+
servers.
Default Configuration
When authorization is enabled, the switch attempts to authorize the listed
function using the configured method.