09-01-2023 12:03 AM - edited 09-01-2023 12:10 AM
Hi, I have a question about aaa authorization.
I started to learn about Cisco ISE, but I got stuck on the:
"aaa authorization network ...." command.
We know that after "network" we can insert "default" or the name of an authorization list. What's the difference between them?
09-01-2023 12:42 AM
@Raminkn20 technically there is no difference between the default or a named method list, you can configure them the same. Typically the default method list is used for authentication, authorisation and accounting.
An example where a named authentication/authorisation method list may be used is if deploying differentiated 802.1X authentication, where on a switch different ports are authorised by different RADIUS servers. You'd require multiple method lists, each referencing a different RADIUS server group. Reference - https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515#toc-hId--409339797
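The differentiated setup described in the reply above, as an added configuration example that is not part of the original post or the linked guide. It assumes an IOS-XE switch using IBNS 2.0 control policies; every server, group, list and policy name, plus the addresses and keys, is a constructed placeholder.

```cisco
! Constructed example: all names, addresses and keys are placeholders.
aaa new-model
dot1x system-auth-control
!
radius server ISE-A
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-A>
radius server ISE-B
 address ipv4 198.51.100.10 auth-port 1812 acct-port 1813
 key <shared-secret-B>
!
aaa group server radius GRP-A
 server name ISE-A
aaa group server radius GRP-B
 server name ISE-B
!
! Default lists: applied wherever no named list is referenced.
aaa authentication dot1x default group GRP-A
aaa authorization network default group GRP-A
!
! Named lists: same syntax, but inert until something refers to them by name.
aaa authentication dot1x MLIST-B group GRP-B
aaa authorization network MLIST-B group GRP-B
!
! Policy with no list reference: sessions use the default lists (GRP-A).
policy-map type control subscriber DOT1X-DEFAULT
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x priority 10
!
! Policy that names the lists explicitly: sessions use MLIST-B (GRP-B).
policy-map type control subscriber DOT1X-VIA-B
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x aaa authc-list MLIST-B authz-list MLIST-B priority 10
!
interface GigabitEthernet1/0/1
 switchport mode access
 access-session port-control auto
 dot1x pae authenticator
 service-policy type control subscriber DOT1X-DEFAULT
!
interface GigabitEthernet1/0/2
 switchport mode access
 access-session port-control auto
 dot1x pae authenticator
 service-policy type control subscriber DOT1X-VIA-B
```

When auditing such a configuration, check that every named list is actually referenced by a policy or interface; a named list that nothing points to leaves those ports on the default list.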
09-01-2023 12:28 PM
Great, I found out ... Thanks, my friend
09-01-2023 02:36 AM
Hello @Raminkn20,
Technically, you can configure both the 'default' and named method lists to contain similar authorization settings. The key advantage of using named authorization method lists is the ability to create customized authorization policies that cater to specific network scenarios, user groups, or RADIUS server configurations. This level of customization is particularly valuable in complex network environments.
In simpler setups, the 'default' method list often serves well for most cases because it provides a convenient way to apply a common set of authorization policies across the device. However, as @Rob Ingram mentioned, in more sophisticated network deployments where differentiation based on various criteria (like RADIUS server groups) is required, named method lists become essential for managing and applying distinct authorization rules to different scenarios.
09-01-2023 12:29 PM
Thanks for your explanation .... I figured it out