Users Guide

Authentication, Authorization, and Accounting
Authorization Examples
Authorization allows the administrator to control which services a user is
allowed to access. Some of the things that can be controlled with
authorization include the user's initial privilege level and which commands
the user is allowed to execute. When authorization fails, the user is denied
access to the switch, even though the user has passed authentication.
The following examples assume that the configuration used in the previous
examples has already been applied.
Local Authorization Example—Direct Login to Privileged Exec Mode
Apply the following configuration to use the local user database for
authorization, such that a user can enter Privileged Exec mode directly:
aaa authorization exec "locex" local
line telnet
authorization exec locex
exit
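An offline check that every exec authorization list applied to a line is actually defined, and that every defined list is in use. This is an added example, not part of the guide or the switch software; the function name, the "line ssh" block and the misspelled list name "locx" in the sample are constructed for illustration.

```python
import re

# Constructed sample: the configuration from this section plus a hypothetical
# second line block that references a list name that was never defined.
SAMPLE_CONFIG = '''\
aaa authorization exec "locex" local
line telnet
authorization exec locex
exit
line ssh
authorization exec locx
exit
'''

LIST_DEF = re.compile(r'^aaa authorization exec\s+"?([^"\s]+)"?\s+(.+)$')
LINE_MODE = re.compile(r'^line\s+(\S+)$')
APPLY = re.compile(r'^authorization exec\s+"?([^"\s]+)"?$')

def audit_exec_authorization(config_text):
    """Return (defined lists, list applied per line type, findings)."""
    defined, applied, current = {}, {}, None
    for raw in config_text.splitlines():
        # Normalise typographic quotes that creep in when copying from a PDF.
        line = raw.strip().replace('\u201c', '"').replace('\u201d', '"')
        if m := LIST_DEF.match(line):
            defined[m.group(1)] = m.group(2).split()   # name -> method order
        elif m := LINE_MODE.match(line):
            current = m.group(1)                       # entered a line mode
        elif line == 'exit':
            current = None                             # left the line mode
        elif current and (m := APPLY.match(line)):
            applied[current] = m.group(1)
    findings = []
    # Assumption: every applied list must be defined in the same config text.
    for line_type, name in applied.items():
        if name not in defined:
            findings.append(f'line {line_type}: list "{name}" is applied but not defined')
    for name in defined:
        if name not in applied.values():
            findings.append(f'list "{name}" is defined but not applied to any line')
    return defined, applied, findings

if __name__ == '__main__':
    for finding in audit_exec_authorization(SAMPLE_CONFIG)[2]:
        print(finding)
```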
Table 9-9. Default Administrative Profiles

Name              Description
network-admin     Allows access to all commands.
network-security  Allows access to network security features such as 802.1X, Voice VLAN, Dynamic ARP Inspection and IP Source Guard.
router-admin      Allows access to Layer 3 features such as IPv4 Routing, IPv6 Routing, OSPF, RIP, etc.
multicast-admin   Allows access to multicast features at all layers, including L2, IPv4 and IPv6 multicast, IGMP, IGMP Snooping, etc.
dhcp-admin        Allows access to DHCP related features such as DHCP Server and DHCP Snooping.
CP-admin          Allows access to the Captive Portal feature.
network-operator  Allows access to all User Exec mode commands and show commands.