10-02-2016 08:28 PM - edited 03-11-2019 12:07 AM
Hello Team,
i was going through a AAA configuration i came across two commands:-
As per my knowledge first command is gives command privileges when the users are at privilege level 1 0 and 15 ie when user are at privilege level 1 they are allowed to perform certain commands specified in the TACACS server under their respective username and password
The second command provides user to perform certain commands when he is in privilege exec mode
Please correct me if i am wrong.
My question is that when user is at privilege exec mode he is in privilege level 15 so whats the difference between first and second command
My second question is what is difference between TACACS and RADUIS .. when do we use TACACS and when do we use RADIUS ?
Thank you!
10-02-2016 11:38 PM
The first command means only level 0,1 will be checked against TACACS server.
Second means to allow direct access to exec mode with bypassing enable. In order to achieve, need to push priv 15 from TACACS server.
You can configure Command Set for full access or as per your commands allowed for users.
TACACS is used for
RADIUS used for
2. Network Access. Securing network access can provide the identity of the device or user before permitting the entity to communicate with the network. This is AAA for secure network access.
reference below document
http://www.networkworld.com/article/2838882/radius-versus-tacacs.html
Regards
Gagan
ps : rate if it helps!!!!
10-03-2016 08:35 PM
Hi Gagan,
Thank you for your reply
So when i am configuring aaa authorization exec EXEC_AUTHOR group tacacs local the privilege level of user should always be 15 . And when i configure the command it will give user direct access to privilege executive mode and not to the user mode and with a privilege level 15 Right ?
Then what does aaa authorization commands 15 TACACS_USER group TACACS do ?
Thanks!
10-04-2016 04:51 AM
Please refer below doc, you will get your all answers
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99361-acs-shell-auth.html
Regards
Gagan
PS : rate if it helps!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide