Implementing Authorization Method Lists
Jul 14,2009 00:00 by alperen


To configure AAA authorization using named method lists, perform the following tasks beginning in Global Configuration mode:

Task: Create an authorization method list for an authorization type and enable authorization.
Command: aaa authorization {authorization-type} list-name [method1 [method2...]]

Task: Enter Line Configuration mode for the line(s) to which you want to apply the authorization method list, or enter Interface Configuration mode for the interface(s) to which you want to apply it.
Command: line [aux | console | tty | vty] line-number [ending-line-number]
     or: interface interface-type interface-number

Task: Apply the authorization list to the line(s), or apply the authorization list to the interface.
Command: authorization {authorization-type} list-name
     or: ppp authorization list-name

The following example defines a network authorization method list named xyz-auth, which specifies that TACACS+ authorization is used on serial lines running PPP. If the TACACS+ server fails to respond, local network authorization is performed.

Rtr1(config)#aaa new-model 
Rtr1(config)#tacacs-server host 192.168.1.4
Rtr1(config)#tacacs-server key seattle19
Rtr1(config)#aaa authentication login XYZ-access group tacacs+ enable none
Rtr1(config)#aaa authentication ppp PPP-access group tacacs+ none
Rtr1(config)#aaa authorization network xyz-auth group tacacs+ local
Rtr1(config)#interface serial 0/1
Rtr1(config-if)#encapsulation ppp
Rtr1(config-if)#ppp authentication PPP-access
Rtr1(config-if)#ppp authorization xyz-auth
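
Because a method list is applied by name, a misspelled or differently cased name leaves the line or interface pointing at a list that was never defined. The following audit script is an added example, not part of the original post; the function names and the sample configuration are constructed, and it assumes IOS compares method list names case-sensitively.

```python
import re

# Strips an interactive prompt such as "Rtr1(config-if)#" from pasted sessions.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def _type_and_name(tokens):
    """Split the words after 'authorization' into (type, list name)."""
    if tokens[:1] == ["commands"]:  # form: commands <level> <list-name>
        return " ".join(tokens[:2]), (tokens[2] if len(tokens) > 2 else "default")
    return tokens[0], (tokens[1] if len(tokens) > 1 else "default")

def undefined_authorization_lists(config_text):
    """Return (line number, type, name) for each applied list never defined.

    Names are compared exactly (assumption: IOS list names are case-sensitive).
    """
    defined, applied = set(), []
    for number, raw in enumerate(config_text.splitlines(), 1):
        words = PROMPT.sub("", raw.strip()).split()
        if words[:2] == ["aaa", "authorization"] and len(words) > 3:
            defined.add(_type_and_name(words[2:]))
        elif words[:2] == ["ppp", "authorization"]:
            # PPP on an interface uses the network authorization type.
            name = words[2] if len(words) > 2 else "default"
            applied.append((number, "network", name))
        elif words[:1] == ["authorization"] and len(words) > 1:
            applied.append((number, *_type_and_name(words[1:])))
    # The implicit "default" list needs no named definition, so skip it.
    return [a for a in applied if a[2] != "default" and a[1:] not in defined]

# Constructed sample: line 6 applies "XYZ-auth" but only "xyz-auth" is defined.
SAMPLE = """\
aaa new-model
aaa authorization network xyz-auth group tacacs+ local
aaa authorization exec VTY-author group tacacs+ local
interface Serial0/1
 encapsulation ppp
 ppp authorization XYZ-auth
line vty 0 4
 authorization exec VTY-author
"""

if __name__ == "__main__":
    for number, kind, name in undefined_authorization_lists(SAMPLE):
        print(f"line {number}: {kind} authorization list '{name}' is not defined")
```
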
