[c-nsp] Command authorization with RADIUS possible on IOS?
Peter Rathlev
peter at rathlev.dk
Tue Aug 24 12:57:35 EDT 2010
Just out of curiosity: Is command authorization (including
"config-commands") possible on Cisco IOS if you're using RADIUS and not
TACACS+?
A document on cisco.com comparing TACACS+ and RADIUS says:
"RADIUS does not allow users to control which commands can be executed
on a router and which cannot."
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml#comp_router_mgt
The document is somewhat old, but they make it sound like it's a
protocol limitation.
If command authorization is possible with RADIUS a hint to some
documentation would be very welcome.
--
Peter
More information about the cisco-nsp
mailing list