Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure the Authorization Function in the AAA Domain

After successful authentication, the authorization function of AAA can control the rights of administrator users for device resources and access for network resources, restrict administrators to execute unauthorized commands, and restrict access users to access unauthorized network resources.

Configuration Condition

When configuring the command line authorization in the domain, first configure the authorization of enabling the command line so that the configured command line authorization in the domain can take effect.

Configure the Authorization Method in the ISP Domain

When a user executes an authorization item in a specific ISP domain, AAA can authorize the user, grant the user certain authorities, and prohibit the unauthorized user to execute the authorization item in the domain.

Table 11-4 Configure the authorization method list in the ISP domain

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enter the ISP domain view

domain isp-name

Mandatory

By default, the system has one ISP domain named system.

Configure the default authorization method in the ISP domain

aaa authorization default { if-authenticated / local / none / radius-group group-name / tacacs-group group-name }

Optional

By default, the authorization method in the ISP domain is none.

Configure the commands authorization method in the ISP domain

aaa authorization commands cmd-lvl { if-authenticated / none / radius-group group-name / tacacs-group group-name }

Optional

By default, do not configure the commands authorization method in the ISP domain, and the authorization method in the domain is none.

The command authorization function must be enabled so that the configuration can take effect.

Configure the authorization method of the user logging into the device in the ISP domain

aaa authorization login { if-authenticated / local / none / radius-group group-name / tacacs-group group-name }

Optional

By default, do not configure the login authorization method in the ISP domain, but adopt the default authorization method in the domain.

note


  • The AAA authorization commands and aaa authorization config-commands commands are configured in no sequence.