Cisco Cisco 5760 Wireless LAN Controller Riferimenti tecnici
the default method list.) If no default method list is defined, then no authorization takes place. The default
authorization method list must be used to perform outbound authorization, such as authorizing the download
of IP pools from the RADIUS server.
authorization method list must be used to perform outbound authorization, such as authorizing the download
of IP pools from the RADIUS server.
Use the aaa authorization command to create a list by entering the values for the list-name and the method
arguments, where list-name is any character string used to name this list (excluding all method names) and
method identifies the list of authorization methods tried in the given sequence.
arguments, where list-name is any character string used to name this list (excluding all method names) and
method identifies the list of authorization methods tried in the given sequence.
In the table that follows, the groupgroup-name, group ldap, group radius, and group tacacs+ methods
refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host and
tacacs-server host commands to configure the host servers. Use the aaa group server radius, aaa group
server ldap, and aaa group server tacacs+ commands to create a named group of servers.
refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius-server host and
tacacs-server host commands to configure the host servers. Use the aaa group server radius, aaa group
server ldap, and aaa group server tacacs+ commands to create a named group of servers.
Note
This table describes the method keywords.
Table 10: aaa authorization Methods
Description
Keyword
Uses a cache server group for authorization.
cache group-name
Uses a subset of RADIUS or TACACS+ servers for
accounting as defined by the server group
group-name command.
accounting as defined by the server group
group-name command.
group group-name
Uses the list of all Lightweight Directory Access
Protocol (LDAP) servers for authentication.
Protocol (LDAP) servers for authentication.
group ldap
Uses the list of all RADIUS servers for authentication
as defined by the aaa group server radius command.
as defined by the aaa group server radius command.
group radius
Uses the list of all TACACS+ servers for
authentication as defined by the aaa group server
tacacs+ command.
authentication as defined by the aaa group server
tacacs+ command.
grouptacacs+
Allows the user to access the requested function if
the user is authenticated.
the user is authenticated.
The if-authenticated method is a
terminating method. Therefore, if it is listed
as a method, any methods listed after it will
never be evaluated.
terminating method. Therefore, if it is listed
as a method, any methods listed after it will
never be evaluated.
Note
if-authenticated
Uses the local database for authorization.
local
Indicates that no authorization is performed.
none
Cisco IOS software supports the following methods for authorization:
• Cache Server Groups — The router consults its cache server groups to authorize specific rights for users.
Consolidated Platform Command Reference, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)
OL-29471-01
349
aaa authorization