Task 5.3

How do I know to configure the level 7 command authorization on the router and not the tacacs server? This has come up in a couple of different practice labs. I have read the question several times - not clear to me how I should know.
Thanks for input!


  • To my mind, there's a clear answer for that: one of the requirements is that the "show run" output should only contain certain elements of the full configuration. This cannot be reached by authorization on the ACS alone; you also have to set certain commands to certain privilege levels on the device itself.

  • airflow,
    Your answer, I think, is more for 5.5.
    5.3, I think, could go either way. Also, it looks like the IE solution for 5.4 voids the solution for 5.3. You have to add snmp-server -> permit unmatch args in order to maintain 5.3 requirements.
    If this is incorrect, please let me know. "Identity mgmt" is by far my weakest area. Also, any web links where I can find more information on AAA would be helpful. I've read through the Cisco Press AAA/ACS book, Cisco Router FW Security, and some of the CCO docs, but I have yet to find the 'glue' that binds everything together in usable/practical configurations.
