
How does TACACS+ host order of operations

V120311
Level 1

Hi,

I am trying to find out how TACACS+ works. I know that one can configure multiple TACACS+ servers. However, whenever I enter a command into the switch, is the switch sending each command line to the TACACS+ server for "Authorization"?

Thank you,

Victor

3 Replies 3

turnera
Level 1

Victor,

TACACS+ is only used when you are accessing, or logging onto, a device. Once you authenticate your credentials to a TACACS server, you are then just working within the confines of the device you have logged onto. You do not authenticate any configuration commands to the TACACS server as you are working on that device.

It is just for AAA and not for configuring a device.

Turnera,

So the "AAA Authorization" parameter is just used during login time to "Authorize" which commands are allowed after one has logged in?

If you have designated specific levels of access with the AAA Authorization configuration, once an individual logs in, that level of authorization is then associated with the user. Then that user is restricted throughout the session to the level of access authorized by the AAA authorization configuration.

aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...]

If you use this command and then set a command level, that user will only have the command access associated with that particular level.
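
The `aaa authorization` syntax quoted above, filled in for two TACACS+ servers with a local fallback. This is an added example, not part of the original posts or a configuration from Cisco; the server names, group name, addresses (documentation range), local username and secret placeholders are assumptions.

```cisco
! Constructed example: names, addresses and secrets are placeholders.
aaa new-model
!
! Local account used only when method2 (local) is reached.
username fallback-admin privilege 15 secret <local-fallback-secret>
!
tacacs server TAC-PRIMARY
 address ipv4 192.0.2.10
 key <shared-secret>
 timeout 5
tacacs server TAC-SECONDARY
 address ipv4 192.0.2.11
 key <shared-secret>
 timeout 5
!
! Servers in a group are tried in the order listed. The next server is
! contacted only when the previous one does not respond, not when it
! returns a reject.
aaa group server tacacs+ TAC-GROUP
 server name TAC-PRIMARY
 server name TAC-SECONDARY
!
! method1 = TACACS+ group, method2 = local database.
! method2 is used only if no server in the group responds.
aaa authentication login default group TAC-GROUP local
aaa authorization exec default group TAC-GROUP local
!
! "commands level" form of the syntax: one method list per privilege level.
aaa authorization commands 1 default group TAC-GROUP local
aaa authorization commands 15 default group TAC-GROUP local
!
! Apply the commands method lists to configuration-mode commands as well.
aaa authorization config-commands
!
! Record level-15 commands on the TACACS+ servers.
aaa accounting commands 15 default start-stop group TAC-GROUP
```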
