cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

179
Views
5
Helpful
3
Replies
Participant

aaa authorization

Hi,

What is the difference between  1 and 2 

1)

aaa authorization commands default group tacacs+ none

 

2)

 

aaa authorization commands 0 default group tacacs+ local 
aaa authorization commands 10 default group tacacs+ local 
aaa authorization commands 15 default group tacacs+ local
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advocate

Re: aaa authorization

Maybe a picture helps

 

aaa-authz.png

 

 

Having said all that, the aaa accounting is still seen in ISE Command for all priv levels, even though I (thought I) told it to only log commands for users with level 15 - I wonder what is going on there?

 

 

aaa-acct.PNG

View solution in original post

3 REPLIES 3
VIP Advocate

Re: aaa authorization

Option 1 will use TACACS+ to authorize every command, and at any EXEC level (0-15)

Option 2 will use TACACS+ for those specific EXEC levels only (and not for others)

Participant

Re: aaa authorization

Hi,

Thanks for the reply 

 

Option 2 will use TACACS+ for those specific EXEC levels only (and not for others)

Can you explain little bit with example 

Thanks

VIP Advocate

Re: aaa authorization

Maybe a picture helps

 

aaa-authz.png

 

 

Having said all that, the aaa accounting is still seen in ISE Command for all priv levels, even though I (thought I) told it to only log commands for users with level 15 - I wonder what is going on there?

 

 

aaa-acct.PNG

View solution in original post