aaa authorization

Syntax

aaa authorization { exec | commands level } authorListName authMethod
[ authMethod ]*

no aaa authorization { exec | commands level } authorListName

Release Information

Command introduced before JunosE Release 7.1.0.

Description

Sets parameters that restrict a user's access to a network. The no version disables authorization for a function.

Options

• exec—Runs authorization to determine if the user is allowed to run Exec mode commands
• level—Privilege level of commands for which authorization is run; in the range 0–15
• authorListName—Name of the authorization methods list of up to 32 characters
• authMethod—Authorization method lists define the way authorization is performed and the sequence in which the methods are performed. You can designate one or more security protocols in the method list to be used for authorization. If the initial method fails, the next method in the list is used. The process continues until either there is successful communication with a listed authorization method or all methods defined are exhausted:
  • if-authenticated—Allows the user to access the requested function if the user is authenticated
  • none—NAS does not request authorization information; authorization is not performed over this line
  • tacacs+—NAS exchanges authorization information with the TACACS+ security daemon

  Note: For information about TACACS+, see JunosE Broadband Access Configuration Guide.

• *—Indicates that one or more parameters can be repeated multiple times in a list in the command line

Mode

Global Configuration