06-22-2018 11:09 AM - edited 03-08-2019 03:27 PM
Hi we have below two commands. I am not sure the difference. Anyone can tell what is difference between the two command? Thank you
aaa authorization exec login group tacacs+ none
aaa authorization commands 15 login group tacacs+ none
06-22-2018 11:48 AM
According to the Cisco documentation the aaa authorization exec is for:
Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.
And according to that documentation the aaa authorization command is for:
Runs authorization for all commands at the specified privilege level.
Here is a link if you want more detailed information
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfauth.html
HTH
Rick
06-22-2018 12:46 PM
Thank you so much for your reply. Can we understand the first one is for general command authorization and second one is for command at specific privilege level?
06-22-2018 02:24 PM
Perhaps I am not understanding correctly what you are asking or perhaps you are not understanding my explanation. So let me try again from a slightly different perspective. aaa authorization exec has to do with if the user is allowed to run an EXEC shell - or in other words whether the user is allowed to login to the device. It has nothing to do with any commands. aaa authorization command has to do with authorization for commands at some privilege level.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide