Authorization
Jul 14, 2009 00:00
by alperen
AAA authorization works by assembling a set of attributes that describe what the user is authorized to perform or access. These attributes are compared to the information contained in a database for a given user, and the result is returned to AAA to determine the user’s actual capabilities and restrictions. The database can be located locally on the access server or the router, or it can be stored remotely on a RADIUS or TACACS+ security server. Remote security servers, such as RADIUS and TACACS+, authorize users for specific rights by associating attribute-value (AV) pairs, which define those rights, with the appropriate user. All authorization methods must be defined through AAA.

As with authentication, you configure AAA authorization by defining a named list of authorization methods, and then applying that list to various interfaces.
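
The following Cisco IOS configuration sketch is an added example, not part of the original post. It shows named authorization method lists being defined and then applied to terminal lines and a PPP interface. The list names, server addresses, interface name and `<shared-secret>` are placeholders chosen for illustration, and the server definitions use the legacy global syntax.

```cisco
! Constructed example: list names, addresses and keys are placeholders.
aaa new-model
!
! Remote security servers that hold the per-user AV pairs.
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
radius-server host 192.0.2.20
radius-server key <shared-secret>
!
! Named method lists. Methods are tried in the order listed; the next
! method is used only when the previous one does not respond. An explicit
! deny from the server ends the process, it does not fall through to "local".
aaa authorization exec VTY-AUTHZ group tacacs+ local
aaa authorization commands 15 VTY-CMDS group tacacs+ local
aaa authorization network PPP-AUTHZ group radius
!
! Apply the EXEC and command lists to the vty lines.
line vty 0 4
 authorization exec VTY-AUTHZ
 authorization commands 15 VTY-CMDS
!
! Apply the network list to a PPP interface.
interface Serial0/0
 encapsulation ppp
 ppp authorization PPP-AUTHZ
!
! AV pairs the server would return for a user (configured on the server,
! not on the router):
!   TACACS+ (service=shell):  priv-lvl=15
!   RADIUS (Cisco VSA):       cisco-avpair = "shell:priv-lvl=15"
```

Because the `local` fallback is reached only when the server is unreachable, the privilege levels of local accounts determine what a user can do during an outage and should be kept as narrow as the server-side policy.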