Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1845
Views
5
Helpful
3
Replies

aaa authorization

Go to solution
elite2010
Level 3
Level 3

‎12-09-2019 03:35 AM - edited ‎02-21-2020 11:12 AM

Hi,

What is the difference between  1 and 2 

1)

aaa authorization commands default group tacacs+ none

 

2)

 

aaa authorization commands 0 default group tacacs+ local 
aaa authorization commands 10 default group tacacs+ local 
aaa authorization commands 15 default group tacacs+ local
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP
In response to elite2010

‎12-12-2019 03:57 PM

Maybe a picture helps

 

aaa-authz.png

 

 

Having said all that, the aaa accounting is still seen in ISE Command for all priv levels, even though I (thought I) told it to only log commands for users with level 15 - I wonder what is going on there?

 

 

aaa-acct.PNG

View solution in original post

3 Replies 3

Go to solution
Arne Bier
VIP
VIP

‎12-10-2019 01:20 PM

Option 1 will use TACACS+ to authorize every command, and at any EXEC level (0-15)

Option 2 will use TACACS+ for those specific EXEC levels only (and not for others)

0 Helpful

Go to solution
elite2010
Level 3
Level 3
In response to Arne Bier

‎12-11-2019 09:28 PM

Hi,

Thanks for the reply 

 

Option 2 will use TACACS+ for those specific EXEC levels only (and not for others)

Can you explain little bit with example 

Thanks

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to elite2010

‎12-12-2019 03:57 PM

Maybe a picture helps

 

aaa-authz.png

 

 

Having said all that, the aaa accounting is still seen in ISE Command for all priv levels, even though I (thought I) told it to only log commands for users with level 15 - I wonder what is going on there?

 

 

aaa-acct.PNG

Customers Also Viewed These Support Documents