topic Re: AAA Authorization Using Local Database in Network Access Control

AAA Authorization Using Local Database

helios999 — Sun, 10 Mar 2019 23:35:00 GMT

Hi Guys,

I'm planning to use AAA authorization using local database. I have read already about it, I have configured the AAA new-model command and I have setup user's already. But I'm stuck at the part where I will already give certain user access to certain commands using local database. Hope you can help on this.

FYI: I know using ACS/TACACS+/RADIUS is much more easy and powerful but my company will most likely only use local database.

Re: AAA Authorization Using Local Database

Jagdeep Gambhir — Thu, 09 Jul 2009 14:54:48 GMT

For allowing limited read only access , use this example,

We need these commands on the switch

Switch(config)#do sh run | in priv

username admin privilege 15 password 0 cisco123!

username test privilege 0 password 0 cisco

privilege exec level 0 show ip interface brief

privilege exec level 0 show ip interface

privilege exec level 0 show interface

privilege exec level 0 show switch

No need for user to login to enable mode. All priv 0 commands are now there in the user mode. See below

User Access Verification

Username: test

Password:

Switch>show ?

diagnostic Show command for diagnostic

flash1: display information about flash1: file system

flash: display information about flash: file system

interfaces Interface status and configuration

ip IP information

switch show information about the stack ring

Switch>show switch

Switch/Stack Mac Address : 0015.f9c1.ca80

H/W Current

Switch# Role Mac Address Priority Version State

----------------------------------------------------------

*1 Master 0015.f9c1.ca80 1 0 Ready

Switch>show run

% Invalid input detected at '^' marker.

Switch>show aaa server

% Invalid input detected at '^' marker.

Switch>show inter

Switch>show interfaces

Vlan1 is up, line protocol is up

Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)

Internet address is 192.168.26.3/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Switch>

Please check this link,

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Regards,

~JG

Do rate helpful posts

Re: AAA Authorization Using Local Database

helios999 — Fri, 10 Jul 2009 01:11:57 GMT

Hi JG,

Thanks for your reply and it is very helpful. I just like to confirm that what you showed is using AAA authorization on local database, right?

Regards,

John

Re: AAA Authorization Using Local Database

helios999 — Fri, 10 Jul 2009 04:24:29 GMT

Hi JG,

One more thing can you enlighten me about the command "privilege interface and privilege configure"? Or do you have a link that discusses this commands?

Thanks.

John