hit counter script

Verifying Authorization Profile; Testing Authorization - Cisco MDS 9000 Series Configuration Manual

Security
Hide thumbs Also See for MDS 9000 Series:
Table of Contents

Advertisement

switch(config)#
Enters configuration mode.
Step 2
switch(config)# show run aaa all
aaa authentication login default fallback error local
aaa authentication login console fallback error local
Displays the default fallback behavior.
Step 3
switch(config)# no aaa authentication login default fallback error local
WARNING!!! Disabling fallback can lock your switch.
Disables the fallback to local database for authentication.
Note
Caution
If fallback is disable for both default/console, remote authentication is enabled and servers are unreachable,
then the switch will be locked.

Verifying Authorization Profile

You can verify the authorizing profile for different commands. When enabled, all commands are directed to
the Access Control Server (ACS) for verification. The verification details are displayed once the verification
is completed.
switch# terminal verify-only username sikander
switch# config terminal
Enter configuration commands, one per line.
switch(config)# feature telnet
% Success
switch(config)# feature ssh
% Success
switch(config)# end
% Success
switch# exit
Note
This command only verifies the commands and does not enable the configuration.

Testing Authorization

You can test the authorization settings for any command.
To test the authorization of a command, use the test aaa authorization command-type command.
switch(config)# test aaa authorization command-type commands user u1 command "feature dhcp"
% Success
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
38
Replace default with console in this command to disable fallback to console.
Configuring Security Features on an External AAA Server
End with CNTL/Z.

Advertisement

Table of Contents
loading

Table of Contents