Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
4
Helpful
4
Replies

AAA authorization network

Raminkn20
Level 1
Level 1

‎09-01-2023 12:03 AM - edited ‎09-01-2023 12:10 AM

Hi, i have a question about aaa authorization. 
i started to learn about cisco ISE , but i got stuck in the:
"aaa authorization network .... " command.

we know after "network" we can insert "default" or name of authorization list. what's the diffrence between them?

0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎09-01-2023 12:42 AM

@Raminkn20 technically there is no difference between the default or a named method list, you can configure them the same. Typically the default method list is used for authentication, authorisation and accounting.

An example where a named authentication/authorisation method list may be used is if deploying differentiated 802.1X authentication, where on a switch different ports are authorised by different RADIUS servers. You'd require multiple method lists, each referencing difference RADIUS server group. Reference - https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515#toc-hId--409339797

 

Raminkn20
Level 1
Level 1
In response to Rob Ingram

‎09-01-2023 12:28 PM

Great, i find out ... Thanks my friend

0 Helpful

M02@rt37
VIP
VIP

‎09-01-2023 02:36 AM

Hello @Raminkn20,

Technically, you can configure both the 'default' and named method lists to contain similar authorization settings. The key advantage of using named authorization method lists is the ability to create customized authorization policies that cater to specific network scenarios, user groups, or RADIUS server configurations. This level of customization is particularly valuable in complex network environments.

In simpler setups, the 'default' method list often serves well for most cases because it provides a convenient way to apply a common set of authorization policies across the device. However, as @Rob Ingram  mentioned, in more sophisticated network deployments where differentiation based on various criteria (like RADIUS server groups) is required, named method lists become essential for managing and applying distinct authorization rules to different scenarios.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Raminkn20
Level 1
Level 1
In response to M02@rt37

‎09-01-2023 12:29 PM

thanks for your explanation .... i figured out

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card