12.2 Configuring AAA
12.2.3 AAA authorization commands

You can configure the access server to restrict the user to perform only certain functions after successful authentication. Use the aaa authorization command in global configuration mode to select the function authorized and the method of authorization, as follows :

Router(config)#aaa authorization
   {network | exec | commands level | config-commands | reverse-access}
     {default | listname}
     {if-authenticated | local | none | radius | tacacs+ | krb5-instance}

 
Lab Activity    
  The Denver office needs to authorize a backup user to issue a few privilege level commands. In this lab, you will setup AAA Authorization on this router and test each user account.

Character Mode Authorization Example
Example shows an example of a character mode authorization. Character mode authorization commands are as described in Table .

Packet Mode Authentication and Authorization Example
Example shows an example of packet mode authentication and authorization with AAA. Table contains descriptions of the commands used in the preceding configuration.