
aaa new-model command confusion

amnixzel1983
Level 1

Hi,

I plan to take the CCNA Security exam. I have a home lab and am quite confused by the aaa new-model commands. Here are the commands that I issued on the router:

# aaa new-model

# radius-server host 192.168.1.3 key @testkey

# ip radius source-interface fa0/1

# aaa authentication login default group radius

# aaa authorization exec default group radius

# line vty 0 4

# login authentication default

# no aaa authorization config-commands

# no aaa authorization commands 15 default

On my ACS server:

I have a user named user01 (Cisco IOS/PIX 6.x RADIUS Attributes: on "[009\001] cisco-av-pair"), for which I declared "shell:priv-lvl=15".

Above are my configurations. Why is it that even though I disabled "config-commands" and "commands 15" by negating them, I can still access global config mode (config t / config#) and am able to issue commands there? Can you explain the last two commands to me in detail? How are they used?

Thanks in advance...

Note: The reason why I used RADIUS is for training purposes, and I need to know the basics...


amnixzel1983
Level 1

Is this a correct notion: since "Radius server does not allow user to control which commands can be executed on a router and which cannot", invoking those two commands ("[no] aaa authorization config-commands" and "[no] aaa authorization commands 15 default") on my router has no meaning, or is just a useless command, since the RADIUS server doesn't support it?

I hope that somebody here will make this clear to me. Thank you...