Configuring TACACS+
Note
If you use a console to log in to the server, command authorization is disabled. Authorization is available for
both non-console and console sessions. By default, command authorization is disabled for console sessions
even if it is configured for default (non-console) sessions. You must explicitly configure a AAA group for
the console to enable command authorization for console sessions.
Note
By default, context sensitive help and command tab completion show only the commands supported for a
user as defined by the assigned roles. When you enable command authorization, the Cisco NX-OS software
displays all commands in the context sensitive help and in tab completion, regardless of the role assigned to
the user.
Before you begin
Enable TACACS+.
SUMMARY STEPS
1. configure terminal
2. aaa authorization {commands | config-commands} {console | default} {group group-list [local] | local}
3. (Optional) show tacacs+ {pending | pending-diff}
4. (Optional) tacacs+ commit
5. exit
6. (Optional) show aaa authorization [all]
7. (Optional) copy running-config startup-config
DETAILED STEPS
Configuring Command Authorization on TACACS+ Servers
Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Step 2
Command or Action: aaa authorization {commands | config-commands} {console | default} {group group-list [local] | local}
Example:
switch(config)# aaa authorization commands default group TacGroup
Per command authorization will disable RBAC for all users. Proceed (y/n)?
Purpose: Configures the command authorization method for specific roles on a TACACS+ server.
The commands keyword configures authorization sources for all EXEC commands, and the config-commands keyword configures authorization sources for all configuration commands.
The console keyword configures command authorization for a console session, and the default keyword configures command authorization for a non-console session.
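The following is an added example, not part of the Cisco guide: a small Python check that reads saved configuration text and reports which of the four keyword combinations from step 2 (commands or config-commands, console or default) have no explicit method line, and which use a server group without the optional local keyword. The function names, finding labels and sample configuration are constructed for illustration, and the check assumes the configuration shows these lines in the same form in which they are entered.

```python
# Added example: audit NX-OS AAA command-authorization coverage (not Cisco code).
KINDS = ("commands", "config-commands")
SESSIONS = ("default", "console")

# Constructed sample, in the form the commands are entered in step 2.
SAMPLE_CONFIG = """\
aaa group server tacacs+ TacGroup
aaa authorization commands default group TacGroup
aaa authorization config-commands default group TacGroup local
"""

def parse_line(line):
    """Parse one 'aaa authorization ...' line; return None for anything else."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["aaa", "authorization"]:
        return None
    kind, session, method = tok[2], tok[3], tok[4:]
    if kind not in KINDS or session not in SESSIONS:
        return None
    if method == ["local"]:
        return kind, session, [], True
    if method[0] == "group" and len(method) >= 2:
        has_local = len(method) > 2 and method[-1] == "local"
        groups = method[1:-1] if has_local else method[1:]
        return kind, session, groups, has_local
    return None

def audit(config_text):
    """Return (kind, session, finding) tuples for gaps in the method lists."""
    seen = {}
    for line in config_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            kind, session, groups, has_local = parsed
            seen[(kind, session)] = (groups, has_local)
    findings = []
    for kind in KINDS:
        for session in SESSIONS:
            entry = seen.get((kind, session))
            if entry is None:
                # Per the note above, console sessions are not covered by a
                # 'default' line; each session type needs its own line.
                findings.append((kind, session, "no-explicit-method"))
            elif entry[0] and not entry[1]:
                findings.append((kind, session, "group-without-local"))
    return findings

if __name__ == "__main__":
    for kind, session, finding in audit(SAMPLE_CONFIG):
        print(f"{kind:16} {session:8} {finding}")
```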
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x