CLI Guide
Security Commands 937
Example
Per command authorization example for telnet access using TACACS:
Configure the Authorization Method list.
console(config)#aaa authorization commands telnet-list tacacs
Apply the AML to an access line mode (telnet):
console(config)#line telnet
console(config-telnet)#authorization commands telnet-list
Exec authorization example for SSH using RADIUS with a fallback to the
none method:
Configure the Authorization Method list.
console(config)#aaa authorization exec exec-list radius none
Apply the AML to an access line mode (SSH):
console(config)#line ssh
console(config-ssh)#authorization exec exec-list
Display the authorization methods:
console#show authorization methods
Exec Authorization List Methods
---------------------------- ------------------------------
dfltExecAuthList none
exec-list radius none
Command Authorization List Methods
---------------------------- ------------------------------
dfltCmdAuthList none
telnet-list tacacs
Line Exec Method Lists Command Method Lists
--------- --------------------- ---------------------
Console dfltExecAuthList dfltCmdAuthList
Telnet dfltExecAuthList telnet-list
SSH exec-list dfltCmdAuthList
TACACS Selects TACACS for command or exec authorization.
None Selecting the none method authorizes all commands. This
option is valid for both command and Exec authorization.
RADIUS The radius method is valid for Exec authorization and Network
authorization. Network and Exec authorization with RADIUS
will work only if the applied authentication method is radius.