Question about AAA Authorization

From: Peng Zheng (zpnist@yahoo.com)
Date: Mon Apr 04 2005 - 22:24:26 GMT-3

• Next message: Ed Lui: "Re: REFLXIVE access-list QUESTION"
• Previous message: Dennis J. Hartmann: "RE: police (two rates) under policy map"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I have a question: When to use aaa authorization exec
and aaa authorization command?

According to my understanding, with aaa authorization
exec, you can execute all commands same or below the
user privilege.

And with aaa authorization command LEVEL (using either
tacacs+ or radius), you can only execute those
commands explictly allowed on AAA server.

But when to use aaa authorization command LEVEL with
local authorization? I can not see anything different
with or without it.

For example, we have a privilege level 2 user and set
a command to level 2.

aaa authentication login and aaa authorization exec
are configured.

With and without aaa authoriztion command 2, I can
execute level 2 and below commands.

Is there any scenario that can show its function?

Any reply is appreciated.

Peng Zheng

                
__________________________________
Yahoo! Messenger
Show us what our next emoticon should look like. Join the fun.
http://www.advision.webevents.yahoo.com/emoticontest

• Next message: Ed Lui: "Re: REFLXIVE access-list QUESTION"
• Previous message: Dennis J. Hartmann: "RE: police (two rates) under policy map"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:52 GMT-3