A few doubts on AAA authorization
1. If we have configured "aaa authorization exec" then does it apply to both exec level commands(i.e., level 1 mode, the > prompt) AND the priveledged mode commands(the level 15 , the # prompt) OR do we also need the "aaa authorization commands 15" too?
2.I've seen cases where we configure "aaa authorization exec default tacacs+" but we don't have the authorization on the tacacs, the authorization checks are only being performed against the privilege commands on the local router. The tacacs only provides the level of the user after he gets authenticated by the AAA, lets say level 7 and then the authorization of the commands is being done locally.Is it the usual way its done?