aaa authorization config-commands
toniknik1982
Registered Users Posts: 1
Hello everyone, I am browsing here hoping somebody can help me understand this command. This is my problem: as far as I know, the command "aaa authorization config-commands" is used to authorize commands issued in global configuration mode, R1(config)#, for commands like ip, hostname, do, etc. But why is it that even if I negate the command above (no aaa authorization config-commands), I can still use commands in global config mode, for example "ip route" or "do show run", even though these commands are from global config mode? Here's my aaa config:
R1(config)# aaa new-model
R1(config)# tacacs-server host x.x.x.x key xxxxx
R1(config)# ip tacacs source-interface fa0/1
R1(config)# aaa authentication login forCONSOLE login group tacacs
R1(config)# aaa authorization console
R1(config)# no aaa authorization config-commands
R1(config)# line con 0
R1(config-line)# login authentication forCONSOLE
aaa authorization config-commands confuses me a lot. I hope you can help me. Is there any configuration needed on my ACS server for this command? Can you give me a link to follow?
THANKS IN ADVANCE.
Comments
ether00 Member Posts: 13
You need to specify the privilege level and create a custom method list:
aaa authorization commands 1 CUSTOM-List group tacacs+ local
aaa accounting commands 1 CUSTOM-acc1 start-stop group tacacs+
then apply it:
line console 0
authorization commands 1 CUSTOM-List
accounting commands 1 CUSTOM-acc1
Make sure that you create a user with privilege 15 so you don't block yourself.
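
As an added example (not part of the thread and not Cisco tooling), the Python script below audits an IOS-style config for the conditions discussed above: whether any `aaa authorization commands <level>` method list exists, whether it is applied to the console line, and whether a local privilege 15 user backs a `local` fallback. It assumes that `aaa authorization config-commands` only applies the method lists created by `aaa authorization commands`, so a config without such a list authorizes nothing whether or not the command is negated. The sample configs, the finding names, the username `admin` and the `PLACEHOLDER` secret are constructed.

```python
import re

# Constructed samples modelled on the thread; the username and secret are placeholders.
ASKER = """aaa new-model
aaa authorization console
no aaa authorization config-commands
line con 0
 login authentication forCONSOLE
"""
ANSWER = """aaa new-model
username admin privilege 15 secret PLACEHOLDER
aaa authorization console
aaa authorization commands 1 CUSTOM-List group tacacs+ local
line console 0
 authorization commands 1 CUSTOM-List
"""

def audit(config):
    """Return findings about per-command authorization on the console line."""
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    # (level, list name) -> methods, from "aaa authorization commands <lvl> <list> <methods>"
    lists = {}
    for ln in lines:
        if m := re.match(r"aaa authorization commands (\d+) (\S+) (.+)", ln):
            lists[(m.group(1), m.group(2))] = m.group(3).split()
    findings = []
    if not lists:
        findings.append("no-command-method-list")  # config-commands has nothing to apply
    if "no aaa authorization config-commands" in lines:
        findings.append("config-commands-disabled")
    # Method lists referenced by the indented sub-commands under "line con ...".
    applied, in_console = set(), False
    for ln in lines:
        if not ln.startswith(" "):
            in_console = ln.startswith("line con")
        elif in_console and (m := re.match(r"authorization commands (\d+) (\S+)", ln.strip())):
            applied.add((m.group(1), m.group(2)))
    findings += [f"list-not-applied:{name}" for lvl, name in sorted(lists)
                 if name != "default" and (lvl, name) not in applied]
    if lists and "aaa authorization console" not in lines:
        findings.append("console-authorization-off")
    has_priv15 = any(re.match(r"username \S+ privilege 15\b", ln) for ln in lines)
    if any("local" in methods for methods in lists.values()) and not has_priv15:
        findings.append("no-local-privilege-15-user")  # the lockout the answer warns about
    return findings

if __name__ == "__main__":
    print(audit(ASKER))
    print(audit(ANSWER))
```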