Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Configuring RADIUS and TACACS+ Servers
Chapter 14
• For list-name, specify the list created with the aaa authentication login command.
login authentication {default | list-name}
9. Return to privileged EXEC mode.
end
10. Verify your entries.
show running-config
11. (Optional) Save your entries in the configuration file.
copy running-config startup-config
• To disable AAA, use the no aaa new-model global configuration command.
• To disable AAA authentication, use the no aaa authentication login {default | list-name} method1 [method2...] global configuration command.
• To either disable TACACS+ authentication for login or to return to the default value, use the no login authentication {default | list-name} line configuration command.
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
AAA authorization limits the services available to an administrator. When AAA
authorization is enabled, the access point uses information retrieved from the
administrator’s profile, which is either in the local user database or on the security
server, to configure the administrator’s session. The administrator is granted
access to a requested service only if the information in the administrator profile
allows it.
You can use the aaa authorization global configuration command with the tacacs+ keyword to set parameters that restrict an administrator’s network access to privileged EXEC mode.
The aaa authorization exec tacacs+ local command sets these authorization parameters:
• Use TACACS+ for privileged EXEC access authorization if
authentication was performed by using TACACS+.
• Use the local database if authentication was not performed by using
TACACS+.
TIP
Authorization is bypassed for authenticated administrators who log in through
CLI even if authorization has been configured.
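The following is an added example, not part of the Rockwell Automation manual: a Python check that can be run over saved show running-config output to verify the entries this section configures. The sample configuration is constructed, and the method names in its aaa authentication login lines (tacacs+ local) and the list names ADMINS and OPERATORS are assumptions.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+ local
aaa authentication login ADMINS tacacs+ local
aaa authorization exec tacacs+ local
!
line con 0
 login authentication ADMINS
line vty 0 4
 login authentication OPERATORS
"""

def audit_aaa(config):
    """Return a list of findings for the AAA entries this section configures."""
    findings = []
    lines = config.splitlines()
    if not any(l.strip() == "aaa new-model" for l in lines):
        findings.append("aaa new-model is missing: AAA is disabled")
    # Lists created with `aaa authentication login {default | list-name} ...`
    defined = {"default"}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+)\s+\S", l.strip())
        if m:
            defined.add(m.group(1))
    # Each line's `login authentication` must name a list that exists.
    current = None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
        elif not l.startswith(" "):
            current = None  # left the line configuration block
        m = re.match(r"login authentication (\S+)", l.strip())
        if m and current and m.group(1) not in defined:
            findings.append(f"{current}: list '{m.group(1)}' is not defined")
    # Privileged EXEC authorization: expect TACACS+ with the local database.
    authz = [l.split()[3:] for l in lines if l.startswith("aaa authorization exec")]
    if not authz:
        findings.append("no aaa authorization exec entry")
    for methods in authz:
        if "tacacs+" not in methods:
            findings.append("exec authorization does not use tacacs+")
        if "local" not in methods:
            findings.append("exec authorization has no local fallback")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE_CONFIG)) or "no findings")
```

On the constructed sample, the only finding is the vty line that references a list never created with aaa authentication login.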