cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3961
Views
1
Helpful
3
Replies

what is difference on aaa authorization exec and command

wfqk
Level 5
Level 5

Hi we have below two commands. I am not sure the difference. Anyone can tell what is difference between the two command? Thank you

 

aaa authorization exec login group tacacs+ none   

aaa authorization commands 15 login group tacacs+ none

3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

According to the Cisco documentation the aaa authorization exec is for:

Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.

 

And according to that documentation the aaa authorization command is for:

Runs authorization for all commands at the specified privilege level.

 

Here is a link if you want more detailed information

https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfauth.html

 

HTH

 

Rick

HTH

Rick

Thank you so much for your reply. Can we understand the first one is for general command authorization and second one is for command at specific privilege level? 

Perhaps I am not understanding correctly what you are asking or perhaps you are not understanding my explanation. So let me try again from a slightly different perspective. aaa authorization exec has to do with if the user is allowed to run an EXEC shell - or in other words whether the user is allowed to login to the device. It has nothing to do with any commands. aaa authorization command has to do with authorization for commands at some privilege level.

 

HTH

 

Rick

 

 

 

HTH

Rick