"aaa authorization exec default group tacacs+ local if-authenticated" explanation
m4rtin
Member Posts: 170
I have the following simple AAA configuration:
C3550-24-A#sh run | i aaa|tacacs
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
aaa authorization exec default group tacacs+
aaa session-id common
tacacs-server host 192.168.1.65 key Pa55w0rd
tacacs-server directed-request
C3550-24-A#
In case I authenticate myself I end up in an enable mode shell:
C3550-24-A#sh priv
Current privilege level is 15
C3550-24-A#
In case I modify the "aaa authorization exec default group tacacs+" line and add "local if-authenticated" part:
C3550-24-A#sh run | i aaa|tacacs
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
aaa authorization exec default group tacacs+ local if-authenticated
aaa session-id common
tacacs-server host 192.168.1.65 key Pa55w0rd
tacacs-server directed-request
C3550-24-A#
...then nothing changes. I mean I still end up in an enable mode shell after authentication. What is the "local if-authenticated" part in the "aaa authorization exec default group tacacs+" command for?