[tac_plus] aaa authorization if-authenticated
Andy Saykao
asaykao at gmail.com
Fri Dec 4 00:55:16 UTC 2009
Hi All,
I'm trying to get my head around when you would want to use
"if-authenticated" for "aaa authorization" and what the best practice might
be. At what other times might you want to use "local" or "none"?
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
My understanding is that "if-authenticated" allows you to continue to run in
an exec shell and execute commands when the tacacs+ server becomes
unreachable/dies. This is provided that you have successfully authenticated
to the tacacs+ server before it became unreachable or died.
When would you use if-authenticated, local and none???
Thanks.
Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20091204/3396712f/attachment.html
More information about the tac_plus
mailing list