Name
aaa authorization — global
Synopsis
aaa authorization {network | exec | commandlevel
}method ... method
no aaa authorization {network | exec | commandlevel
}
Configures
Authorization for actions
Default
Disabled
Description
This command sets the authorization method for different command sets.
-
network
Sets the authorization method used for network commands.
-
exec
Sets the authorization method for any EXEC-level command.
-
command level
Sets the authorization method for commands at the given privilege level. Privilege levels range from 0 to 15, inclusive.
-
method ... method
Specifies where the device looks up the authorization information for a user.
method
describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid method types aregroup tacacs
+,if-authenticated
,none
,local
,group radius
, andkrb5-instance
.
Example
The following commands require TACACS+ authentication for users giving commands at level 8.
aaa new-model aaa authorization command 8 group tacacs+ none
Get Cisco IOS in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.