Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

aaa authorization

aaa authorization

To create a method list for authorization, use the aaa authorization command in global configuration mode. To disable authorization for a function, use the no form of this command.

aaaauthorization {commands exec network} {default list-name} {none local group {tacacs+ radius group-name}}

no aaa authorization {commands exec network} {default list-name}

Syntax Description

Defaults

Command Modes

Command History

commands

Configures authorization for all EXEC shell commands.

exec

Configures authorization for an interactive (EXEC) session.

 

 

network

Configures authorization for network services, such as PPP or Internet Key

 

Exchange (IKE).

 

 

default

Uses the listed authorization methods that follow this keyword as the default list

 

of methods for authorization.

 

 

list-name

Character string used to name the list of authorization methods.

 

 

none

Uses no authorization. If you specify none, no subsequent authorization methods

 

is attempted. However, the task ID authorization is always required and cannot be

 

disabled.

 

 

local

Uses local authorization. This method of authorization is not available for

 

command authorization.

 

 

group tacacs+

Uses the list of all configured TACACS+ servers for authorization.

 

 

group radius

Uses the list of all configured RADIUS servers for authorization. This method of

 

authorization is not available for command authorization.

 

 

group group-name

Uses a named subset of TACACS+ or RADIUS servers for authorization as

 

defined by the aaa group server tacacs+ or aaa group server radius command.

 

 

Authorization is disabled for all actions (equivalent to the method none keyword).

Global configuration

Release

Modification

Release 2.0

This command was introduced on the Cisco CRS-1.

 

 

Release 3.0

No modification.

 

 

Release 3.2

This command was supported on the Cisco XR 12000 Series Router.

 

 

Release 3.3.0

No modification.

 

 

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Cisco IOS XR System Security Command Reference

SR-9

Page 9
Image 9
Cisco Systems XR manual Aaa authorization, Network, Local, SR-9