[tac_plus] aaa authorization if-authenticated

Andy Saykao asaykao at gmail.com
Fri Dec 4 00:55:16 UTC 2009


Hi All,

I'm trying to get my head around when you would want to use
"if-authenticated" for "aaa authorization" and what the best practice might
be. At what other times might you want to use "local" or "none"?

aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated

My understanding is that "if-authenticated" allows you to continue to run in
an exec shell and execute commands when the tacacs+ server becomes
unreachable/dies. This is provided that you have successfully authenticated
to the tacacs+ server before it became unreachable or died.

When would you use if-authenticated, local and none???

Thanks.

Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20091204/3396712f/attachment.html 


More information about the tac_plus mailing list