Recall that authorization is the AAA process responsible for granting permission to access particular
components in the network. The administrator will need to define these permissions
based on corporate policy and user privileges. It is important to note that although a TACACS+
file was included in the previous section to illustrate authentication, the actual authorization
controls were not included.
The commands associated with authorization include parameters for the protocols that are
to be used and the method used for authorization. These commands are used after the authentication
phase of AAA, and they are described in Table 32.4.
TABLE 32.4   AAA Authorization Commands

Command                                     Description
------------------------------------------  ------------------------------------------------------------
aaa authorization network method            Performs authorization security on all network services
                                            (including SLIP, PPP, and ARAP) using the method specified
                                            by the method parameter. The method could be TACACS+,
                                            RADIUS, local, and so on.
aaa authorization exec method               Authorizes the EXEC process with the specified AAA method.
aaa authorization commands level 15 method  Authorizes all EXEC commands used at the specified level
                                            (0–15) by using the specified method. In this example, this
                                            is level 15, which is regarded as full authorization and
                                            normally associated with enable mode.
aaa authorization config-commands           Uses AAA authorization for configuration mode commands.
aaa authorization reverse-access method     Uses AAA authorization specified by the method parameter
                                            for reverse Telnet connections.
aaa authorization function ifauthenticated  Permits the user to use the requested function only if the
                                            user is authenticated.
aaa authorization function local            Uses the local database for authorization for the specified
                                            function. This database is stored on the router’s
                                            configuration in NVRAM.
aaa authorization function radius           Uses RADIUS for authorization of the specified function.
aaa authorization function tacacs+          Uses TACACS+ for authorization of the specified function.
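
The command forms in Table 32.4 can be checked mechanically in a saved configuration. The following Python sketch is an added example, not code from the book: it parses the aaa authorization lines and reports functions with no authorization and functions whose only method is ifauthenticated. The sample configuration is constructed, and the list of required functions is an assumed policy for this example.

```python
# Method keywords from Table 32.4; the hyphenated spelling is also accepted.
IF_AUTH = {"ifauthenticated", "if-authenticated"}
METHODS = {"tacacs+", "radius", "local"} | IF_AUTH

# Constructed sample configuration (not taken from the book).
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization exec tacacs+ local
aaa authorization network ifauthenticated
aaa authorization config-commands
"""

def parse_authorization(config):
    """Map each authorized function to its ordered list of methods."""
    found = {}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["aaa", "authorization"]:
            continue
        function, rest = tokens[2], tokens[3:]
        if function == "commands":
            # 'commands' is followed by a privilege level (0-15).
            rest = [t for t in rest if t != "level"]
            if rest and rest[0].isdigit():
                function, rest = "commands " + rest[0], rest[1:]
        # Tokens that are not method keywords are ignored.
        found[function] = [t for t in rest if t in METHODS]
    return found

def audit(config, required=("exec", "commands 15")):
    """Return findings; 'required' is this example's assumed policy."""
    found = parse_authorization(config)
    findings = [f"{fn}: no authorization configured"
                for fn in required if fn not in found]
    for fn, methods in found.items():
        if methods and all(m in IF_AUTH for m in methods):
            findings.append(f"{fn}: ifauthenticated is the only method, "
                            "so any authenticated user is authorized")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```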