3 configuring authorization and reauthorization, 1 configuring cli commands authorization, 2 configuring l2tp peer authorization – QTECH SmartEdge 600 Configuration User Manual

Configuration and Operations

Caution!

Risk of security breach. If you disable subscriber authentication, individual
subscriber names and passwords will not be authenticated by the router, and
therefore, IP routes and ARP entries within individual subscriber records are
not installed. To reduce the risk, verify your network security setup before
disabling subscriber authentication.

2.3

Configuring Authorization and Reauthorization

To configure authorization and reauthorization, perform the tasks described in
the following sections.

2.3.1

Configuring CLI Commands Authorization

To specify that commands with a matching privilege level (or higher) require
authorization through TACACS+, perform the task described in Table 21.

Table 21

CLI Commands Authorization

Task

Root Command

Notes

Configure CLI commands
authorization.

aaa authorization comm
ands

Enter this command in the context
configuration mode.

A TACACS+ server must be
configured in the specified context;
for more information, see Configuring
TACACS+.

2.3.2

Configuring L2TP Peer Authorization

To determine whether L2TP peers are authorized by the router (local)
configuration or by a RADIUS server, perform the task described in Table 22.

Table 22

L2TP Peer Authorization

Task

Root Command

Notes

Configure L2TP peer
authorization.

aaa authorization tunnel

Enter this command in the context
configuration mode.

By default, L2TP peers are
authorized through the router
configuration.

17

61/1543-CRA 119 1170/1 Uen L

|

2012-12-04