Using AAA for Command Authorization
Command authorization is a Cisco IOS feature that allows privilege levels to be established for various users who need to have shell access to a router for administrative purposes. Based on the users' AAA profiles, a router can allow users to execute only the set of commands for which they are authorized while stopping them from executing all other commands. This is a very important feature in environments where there is a need to allow various users to access the routers but where control needs to be exercised to prevent intentional or unintentional abuses to the router setup. Example 19-12 shows how to set up command authorization on a router.
Example 19-12. Setting Up Command Authorization on a Router
Get Network Security Principles and Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
