To have the network access server request authorization information via a TACACS+ security server, use the
aaa
authorization command with the
group
tacacs+
method keyword. For more specific information about configuring authorization using a TACACS+ security server, refer to the chapter
“Configuring TACACS+.” For an example of how to enable a TACACS+ server to authorize the use of network services, including
PPP and ARA, see the TACACS Authorization Examples.
To allow users to have access to the functions they request as long as they have been authenticated, use the
aaa
authorization command with the
if-authenticated
method keyword. If you select this method, all requested functions are automatically granted to authenticated users.
There may be times when you do not want to run authorization from a particular interface or line. To stop authorization activities
on designated lines or interfaces, use the
none
method keyword. If you select this method, authorization is disabled for all actions.
To select local authorization, which means that the router or access server consults its local user database to determine
the functions a user is permitted to use, use the
aaa
authorization command with the
local
method keyword. The functions associated with local authorization are defined by using the
username global configuration command. For a list of permitted functions, refer to the chapter “Configuring Authentication.”
To have the network access server request authorization via a RADIUS security server, use the
radius
method keyword. For more specific information about configuring authorization using a RADIUS security server, refer to the Configuring
RADIUS chapter.
To have the network access server request authorization via a RADIUS security server, use the
aaa
authorization command with the
group
radius
method keyword. For more specific information about configuring authorization using a RADIUS security server, refer to the chapter
Configuring RADIUS. For an example of how to enable a RADIUS server to authorize services, see the RADIUS Authorization Example.
Note |
Authorization method lists for SLIP follow whatever is configured for PPP on the relevant interface. If no lists are defined
and applied to a particular interface (or no PPP settings are configured), the default setting for authorization applies.
|