authorization

Description

Configure authorization for controlling access to functions in the CLI. The ACOS device can use TACACS+ for authorizing commands executed under a specified privilege level. This command also allows the user to specify the level for authorization debugging.

Syntax

[no] authorization commands cmd-level method {tacplus [none] | none}

[no] authorization debug debug-level

Parameter

Description

cmd-level

Specifies the level of commands that will be authorized. The commands are divided into the following levels:

  Privilege 0: Read-only

  Privilege 1: Read-write

  Privilege 2–4: Not-used

  Privilege 5–14: Reserved for ACOS-specific roles

  Privilege 15: Read-write

tacplus

Specifies TACACS+ as the authorization method. (If you omit this option, you must specify none as the method, in which case no authorization will be performed.)

tacplus none

If all the TACACS+ servers fail to respond, then no further authorization will be performed and the command is allowed to execute.

none

No authorization will be performed.

debug-level

Specifies the debug level for authorization. The debug level is set as flag bits for different types of debug messages. The ACOS device has the following types of debug messages:

  0x1 – Common system events such as “trying to connect with TACACS+ servers” and “getting response from TACACS+ servers”. These events are recorded in the syslog.

  0x2 – Packet fields sent out and received by the ACOS device, not including the length fields. These events are written to the terminal.

  0x4 – Length fields of the TACACS+ packets will also be displayed on the terminal.

  0x8 – Information about TACACS+ MD5 encryption will be sent to the syslog.

Default

Not set

Mode

Configuration mode

Usage

The authorization server also must be configured. See radius-server or tacacs-server host.

Example

The following command specifies the authorization method for commands executed at level 14: try TACACS+ first but if it fails to respond, then allow the command to execute without authorization.

ACOS(config)# authorization commands 14 method tacplus none

The following command specifies debug level 15 for authorization:

ACOS(config)# authorization debug 15
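
The following Python sketch is an added example, not part of the ACOS documentation: it scans saved configuration text for authorization lines, flags the fail-open tacplus none method, and decodes a debug level into the flag bits listed above. The function names, status labels, and sample configuration are constructed for illustration, and the debug level is assumed to be entered in decimal.

```python
import re

# Debug flag bits as listed in the debug-level parameter description.
DEBUG_FLAGS = {
    0x1: "common system events (syslog)",
    0x2: "packet fields without length fields (terminal)",
    0x4: "TACACS+ packet length fields (terminal)",
    0x8: "TACACS+ MD5 encryption information (syslog)",
}

# Assumption: lines appear as in the Syntax section, without the CLI prompt.
CMD_RE = re.compile(
    r"^\s*authorization\s+commands\s+(\d+)\s+method\s+(tacplus(?:\s+none)?|none)\s*$")
DBG_RE = re.compile(r"^\s*authorization\s+debug\s+(\d+)\s*$")

# Status labels are hypothetical names chosen for this example.
STATUS = {"tacplus": "tacplus-only",
          "tacplus none": "fail-open",       # command runs if no server responds
          "none": "no-authorization"}


def decode_debug_level(level):
    """Return the message types enabled by a debug-level bitmask."""
    return [name for bit, name in DEBUG_FLAGS.items() if level & bit]


def audit_authorization(config_text):
    """Classify each authorization line found in configuration text."""
    findings = []
    for line in config_text.splitlines():
        m = CMD_RE.match(line)
        if m:
            method = " ".join(m.group(2).split())  # normalise inner whitespace
            findings.append(("commands", int(m.group(1)), STATUS[method]))
            continue
        m = DBG_RE.match(line)
        if m:
            level = int(m.group(1))
            findings.append(("debug", level, decode_debug_level(level)))
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
authorization commands 14 method tacplus none
authorization commands 15 method tacplus
authorization debug 15
"""

if __name__ == "__main__":
    for finding in audit_authorization(SAMPLE):
        print(finding)
```

A "fail-open" finding marks a privilege level where commands execute unauthorized whenever every TACACS+ server is unreachable, so it is worth reviewing for the higher levels.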
