
aaa authorization config-commands

toniknik1982 Registered Users Posts: 1
Hello everyone, I am browsing here hoping somebody can help me understand this command. This is my problem: as far as I know, the command "aaa authorization config-commands" is used to authorize commands issued in global configuration mode, R1(config)#, for commands like ip, hostname, do, etc. But why is it that even if I negate the command above (no aaa authorization config-commands), I can still use commands in global config mode, for example "ip route" or "do show run", even though these commands are from global config mode? Here's my aaa config:
R1(config)# aaa new-model
R1(config)# tacacs-server host x.x.x.x key xxxxx
R1(config)# ip tacacs source-interface fa0/1
R1(config)# aaa authentication login forCONSOLE group tacacs+
R1(config)# aaa authorization console
R1(config)# no aaa authorization config-commands
R1(config)# line con 0
R1(config-line)# login authentication forCONSOLE

aaa authorization config-commands confuses me a lot. I hope you can help me. Is there any configuration needed on my ACS server for this command? Can you give me a link to follow?

THANKS IN ADVANCE.

Comments

  • ether00 Member Posts: 13
    You need to specify the privilege level and create a custom method list:

    aaa authorization commands 1 CUSTOM-List group tacacs+ local
    aaa accounting commands 1 CUSTOM-acc1 start-stop group tacacs+

    then apply it:

    line console 0
    authorization commands 1 CUSTOM-List
    accounting commands 1 CUSTOM-acc1

    Make sure that you create a user with privilege 15 so you don't block yourself.
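
An added example, not written by either poster, that extends the reply's method list to the configuration-mode case asked about in the question: configuration-mode commands run at privilege level 15 by default, so a level 15 command list has to exist and be applied to the line before `aaa authorization config-commands` has anything to act on. The list name `CUSTOM-List15`, the user name `admin` and the `<secret>` placeholder are assumptions; the other names and placeholders are taken from the thread.

```cisco
! Constructed example; x.x.x.x, xxxxx and <secret> are placeholders.
aaa new-model
! Local privilege 15 account (name is an assumption) as a fallback
! for when the TACACS+ server cannot be reached.
username admin privilege 15 secret <secret>
tacacs-server host x.x.x.x key xxxxx
ip tacacs source-interface fa0/1
!
aaa authentication login forCONSOLE group tacacs+ local
!
! Command authorization is defined per privilege level.
! Level 1 covers user EXEC commands; level 15 covers privileged
! commands, including configuration-mode commands such as
! "ip route" and "hostname".
aaa authorization commands 1 CUSTOM-List group tacacs+ local
aaa authorization commands 15 CUSTOM-List15 group tacacs+ local
!
! Apply the command lists above inside configuration mode as well.
aaa authorization config-commands
!
! Authorization is not enforced on the console line without this.
aaa authorization console
!
line con 0
 login authentication forCONSOLE
 authorization commands 1 CUSTOM-List
 authorization commands 15 CUSTOM-List15
```

In the question's configuration there is no `aaa authorization commands` list at all, so no command authorization is taking place and negating `aaa authorization config-commands` has nothing to switch off.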