Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Software Manual

Management Commands 
 M5300, M6100, and M7100 Series ProSAFE Managed Switches
Per-Command Authorization
When authorization is configured for a line mode, the user manager sends information about
each entered command to the AAA server. The AAA server validates the received command
and responds with either a PASS or FAIL response. If approved, the command is executed.
Otherwise, the command is denied and an error message is shown to the user. Utility
commands such as tftp, ping, and outbound telnet must also pass command
authorization. Applying a script is treated as a single command, apply script, which also
goes through authorization. Startup-config commands applied on device boot-up are not
subject to the authorization process.
The per-command authorization usage scenario is this:
1. Configure Authorization Method List
   aaa authorization commands listname tacacs radius none
2. Apply AML to an Access Line Mode (console, telnet, SSH)
   authorization commands listname
3. Commands entered by the user will go through command authorization via TACACS+ or
   RADIUS server and will be accepted or denied.
Exec Authorization
When exec authorization is configured for a line mode, the user may not be required to use 
the enable command to enter Privileged EXEC mode. If the authorization response indicates 
that the user has sufficient privilege levels for Privileged EXEC mode, then the user bypasses 
User EXEC mode entirely.
The exec authorization usage scenario is this:
1. Configure Authorization Method List
   aaa authorization exec listname method1 [method2....]
2. Apply AML to an Access Line Mode (console, telnet, SSH)
   authorization exec listname
3. When the user logs in, in addition to authentication, authorization will be performed to
   determine if the user is allowed direct access to Privileged EXEC mode.
Format     aaa authorization {commands | exec} {default | list-name} method1 [method2]
Mode       Global Config

Parameter  Description
commands   Provides authorization for all user-executed commands.
exec       Provides exec authorization.
default    The default list of methods for authorization services.
list-name  Alphanumeric character string used to name the list of authorization methods.
method     TACACS+, RADIUS, Local, and none are supported.
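
The following is an added example, not part of the Netgear manual: a short Python audit that reads configuration text in the syntax above and lists items to review, namely method lists that include none and access line modes with no commands or exec list applied. It assumes that none grants authorization without consulting a server and that line settings are grouped under "line console|telnet|ssh" ... "exit"; the sample config and the list names cmdList and execList are constructed.

```python
import re

# Constructed sample config, not taken from the manual. The "line <mode>" /
# "exit" stanza layout is an assumption about how the config text is laid out.
SAMPLE_CONFIG = """\
aaa authorization commands cmdList tacacs radius none
aaa authorization exec execList tacacs local
line console
authorization commands cmdList
authorization exec execList
exit
line ssh
authorization commands cmdList
exit
line telnet
exit
"""

AML_RE = re.compile(r"^aaa authorization (commands|exec) (\S+) (.+)$")
APPLY_RE = re.compile(r"^authorization (commands|exec) (\S+)$")
LINE_RE = re.compile(r"^line (console|telnet|ssh)$")

def audit(config):
    """Return sorted review findings for method lists and access line modes."""
    lists, applied, current, findings = {}, {}, None, []
    for raw in config.splitlines():
        text = raw.strip()
        if m := AML_RE.match(text):            # method list definition
            lists[(m[1], m[2])] = m[3].split()
        elif m := LINE_RE.match(text):         # entering a line mode
            current = m[1]
            applied[current] = {}
        elif text == "exit":
            current = None
        elif current and (m := APPLY_RE.match(text)):  # list applied to line
            applied[current][m[1]] = m[2]
    for (kind, name), methods in lists.items():
        if "none" in methods:                  # assumed: 'none' skips the check
            findings.append(f"{kind} list {name}: 'none' allows without a server check")
    for line, kinds in applied.items():
        for kind in ("commands", "exec"):
            name = kinds.get(kind)
            if name is None:
                findings.append(f"line {line}: no {kind} list applied")
            elif name != "default" and (kind, name) not in lists:
                findings.append(f"line {line}: {kind} list {name} is undefined")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```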