06-15-2012 07:58 AM - edited 03-04-2019 04:41 PM
Hi,
What is the difference between below two commands, I am interested to know only bold portion.
aaa authorization exec default group radius none
aaa authorization network default group radius none
Regards
Siva Kondala Rao
06-15-2012 08:24 AM
Hi Siva,
Both are for different purpose. EXEC is used mainly for managing the router/switch,; whereas NETWORK is used for authenticating services like PPP, SLIP, etc...
IOS supports three different types of authorization:
EXEC: Applies to the attributes associated with a user EXEC terminal session.
Command: Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
Network: Applies to network connection. This can include a PPP, SLIP, or ARAP connection.
HTH,
Smitesh
PS: Please rate helpful posts...
06-15-2012 09:32 AM
Hi Smitesh,
Can you explain further: what are user EXEC terminal attributes? and I don't understand network connection authorization. when we will use it (can you give one example)? Your patience is appreciated.
Regards
Siva Kondala Rao
06-15-2012 11:43 PM
Hi Siva,
EXEC attributes are those related to doing something on the router ( managing router), for example who loged in, did what changed, Is is supposed to have that authorization to make changes on configuration, etc...
Whereas, Network is for authentication. For example, like in PPP CHAP or PAP, you can have username password configure on the device itself; or else you have have those be authenticated by external Radius/ TACACs servers...
HTH,
Smitesh
PS: Please rate helpful posts..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide