Netgear XSM4324CS CLI Manual Software Version 12.x - Page 99
Per-Command Authorization, Exec Authorization, Apply AML to an Access Line Mode console, telnet, SSH
View all Netgear XSM4324CS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 99 highlights
M4300 Intelligent Edge Series Fully Managed Stackable Switches Term Definition exec Provides authorization for user EXEC terminal sessions. commands Provides authorization for all user-executed commands. default The default list of methods for authorization services. list-name Character string used to name the list of authorization methods. method1 [method2...] Use either tacacs or radius for authorization purpose. no aaa authorization This command deletes the authorization method list. Format Mode no aaa authorization {exec | commands} {default | } [...] Global Config Per-Command Authorization When authorization is configured for a line mode, the user manager sends information about an entered command to the AAA server. The AAA server validates the received command, and responds with either a PASS or FAIL response. If approved, the command is executed. Otherwise, the command is denied and an error message is shown to the user. The various utility commands such as tftp, ping, and outbound telnet should also pass command authorization. Applying the script is treated as a single command apply script, which also goes through authorization. Startup-config commands applied on device boot-up are not an object of the authorization process. The per-command authorization usage scenario is this: 1. Configure Authorization Method List aaa authorization commands listname tacacs radius none 2. Apply AML to an Access Line Mode (console, telnet, SSH) authorization commands listname 3. Commands entered by the user will go through command authorization via TACACS+ or RADIUS server and will be accepted or denied. Exec Authorization When exec authorization is configured for a line mode, the user may not be required to use the enable command to enter Privileged EXEC mode. If the authorization response indicates that the user has sufficient privilege levels for Privileged EXEC mode, then the user bypasses User EXEC mode entirely. Management Commands 99 CLI Command Reference Manual