Name

aaa authorization — global

Synopsis

aaa authorization {network | exec | command level} method ... method
no aaa authorization {network | exec | command level}

Configures

Authorization for actions

Default

Disabled

Description

This command sets the authorization method for different command sets.

network

Sets the authorization method used for network commands.

exec

Sets the authorization method for any EXEC-level command.

command level

Sets the authorization method for commands at the given privilege level. Privilege levels range from 0 to 15, inclusive.

method ... method

Specifies where the device looks up the authorization information for a user. method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid method types are group tacacs+, if-authenticated, none, local, group radius, and krb5-instance.

Example

The following commands require TACACS+ authentication for users giving commands at level 8.

aaa new-model
aaa authorization command 8 group tacacs+ none

Get Cisco IOS in a Nutshell, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.