Administrator Guide
Security Commands 871
Authorization is not enabled by default. Authorization supports Exec
authorization and network authorization for RADIUS. Only TACACS is
supported for command authorization. Setting a none or local method for
authorization authorizes Exec access for all functions.
The following default Authorization Methods List is present by default:
Command Mode
Global Configuration mode
User Guidelines
A maximum of five authorization method lists may be created for exec and
command types. The default methods may not be deleted.
When command authorization is configured for a line mode, the switch
sends information about the entered command to the AAA server. The AAA
server validates the received command and responds with a PASS or FAIL. If a
PASS response is received, the command is executed. If a FAIL response is
received, the command is not executed and a message is displayed to the user.
Command authorization attempts authorization for all Exec mode
commands associated with a privilege level, including global configuration
commands. Exec authorization attempts authorization when a user attempts
to enter Privileged Exec mode.
When exec authorization is configured for a line mode, the use may not be
required to use the enable command to enter Privileged Exec mode. If the
authorization response indicates the user has privileges for Privileged Exec
mode, then the switch bypasses User Exec mode entirely.
If multiple authorization methods are listed, the switch will attempt
communication with each method in order, until successful communication
is established or all methods in the list have been tried. If authorization fails,
then the command is denied and no further attempts at authorization are
made for the user request.
Default List Name Description Authorization Method
dfltCmdAuthList Default Command List None
dfltExecAuthList Default Exec list None