Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Administrator Guide

Security Management 
 Managed Switches
Privileged Exec Command Mode Authorization
Authorization determines if a user is authorized to perform certain activities such as entering 
privileged EXEC commands.
When user command authentication succeeds, the user receives access to the user EXEC 
mode. You can also provide a user direct access to the privileged EXEC mode by using the 
EXEC authorization method.
If the EXEC authorization method uses a TACACS+ authorization server, a separate session 
is established with the TACACS+ server to return the authorization attributes.
If the EXEC authorization method uses a RADIUS authorization server, service-type 
attribute 6 or Cisco vendor-specific attribute (VSA) “shell:priv-lvl” is used. If the service-type 
attribute value is returned as administrator or the Cisco VSA “shell:priv-lvl” is at least 
FD_USER_MGR_ADMIN_ACCESS_LEVEL(15), the user receives access to the privileged 
EXEC mode. 
Because the RADIUS protocol does not support authorization, the privilege level attribute 
must be returned with the authentication response. If the service-type attribute is already 
present in RADIUS response packet as administrator, the Cisco VSA “shell:priv-lvl” is 
ignored.
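
The RADIUS rule described above can be checked against the attributes a server returns. The following is an added example, not Netgear's code and not part of the original guide. It assumes the standard encodings (Service-Type value 6 = Administrative per RFC 2865, Cisco vendor ID 9 with Cisco-AVPair sub-type 1); the function names, the fail-closed handling of malformed replies and the lowest-level rule for multiple VSAs are assumptions of the example.

```python
import struct

SERVICE_TYPE, ADMINISTRATIVE = 6, 6   # RFC 2865: attribute type 6, value 6 = Administrative
VENDOR_SPECIFIC, CISCO_VENDOR_ID, CISCO_AVPAIR = 26, 9, 1
ADMIN_LEVEL = 15                      # FD_USER_MGR_ADMIN_ACCESS_LEVEL in the guide

def parse_attributes(data):
    """Yield (type, value) for each attribute TLV; raise ValueError if malformed."""
    i = 0
    while i < len(data):
        if len(data) - i < 2 or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        atype, alen = data[i], data[i + 1]
        yield atype, data[i + 2:i + alen]
        i += alen

def cisco_priv_lvl(value):
    """Return the level from a Cisco-AVPair 'shell:priv-lvl=N', else None."""
    if len(value) < 6:
        return None
    vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
    if (vendor, vtype) != (CISCO_VENDOR_ID, CISCO_AVPAIR) or 4 + vlen != len(value):
        return None
    key, _, lvl = value[6:].decode("ascii", "replace").partition("=")
    return int(lvl) if key == "shell:priv-lvl" and lvl.isdigit() else None

def grants_privileged_exec(attrs):
    """Apply the rule from the text to the attribute bytes of an Access-Accept."""
    service_type, levels = None, []
    try:
        for atype, value in parse_attributes(attrs):
            if atype == SERVICE_TYPE and len(value) == 4:
                service_type = struct.unpack("!I", value)[0]
            elif atype == VENDOR_SPECIFIC and cisco_priv_lvl(value) is not None:
                levels.append(cisco_priv_lvl(value))
    except ValueError:
        return False                  # assumption: malformed replies fail closed
    if service_type == ADMINISTRATIVE:
        return True                   # the Cisco VSA is ignored in this case
    # Assumption: with several shell:priv-lvl VSAs, the lowest level decides.
    return bool(levels) and min(levels) >= ADMIN_LEVEL

def tlv(atype, value):                # builders for constructed sample attributes
    return bytes([atype, len(value) + 2]) + value

def cisco_avpair(text):
    body = text.encode("ascii")
    return tlv(VENDOR_SPECIFIC, struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(body) + 2) + body)
```

Running `grants_privileged_exec` over the attribute bytes of each profile on the RADIUS server shows which accounts would land directly in privileged EXEC mode, including ones that return a low `shell:priv-lvl` alongside an administrative service-type.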
CLI Example 1: Configure EXEC Authorization by a TACACS+ Server
The following example shows how to use the CLI to configure command authorization by a 
TACACS+ server for a Telnet user and allow the user to access privileged EXEC mode 
directly.
1. Change the authentication mode for Telnet users to TACACS.
(Netgear Switch)(Config)#aaa authentication login "networkList" tacacs