
Cisco 350-401: Configure AAA for User-Specific Command Authorization on Cisco Routers

Learn how to configure AAA authorization on Cisco routers to allow users to run specific configuration commands by validating against the local user database. Understand the difference between AAA authentication and authorization.


Question

An engineer must configure a router to allow users to run specific configuration commands by validating the user against the router database. Which configuration must be applied?

A. aaa authentication network default local
B. aaa authorization network default local
C. aaa authentication exec default local
D. aaa authorization exec default local

Answer

D. aaa authorization exec default local

Explanation

To allow users to run specific configuration commands on a Cisco router by validating the user against the router’s local user database, you need to configure AAA authorization for the EXEC mode using the local database.

The command “aaa authorization exec default local” configures AAA authorization for users starting an EXEC session (i.e. accessing the router CLI) so that they are validated against the local user database configured on the router. This allows you to specify which commands each user is authorized to run.

A few key points:

  • Authorization determines what actions/commands a user is allowed to perform after authenticating. It is different from authentication, which validates the user’s identity.
  • The “exec” keyword specifies this applies to users accessing EXEC mode.
  • “default” means this is the default authorization method that will be used.
  • “local” means the local user database on the router will be used for authorization.

The other options are incorrect because:

  • A and C configure authentication, not authorization.
  • B configures authorization for network-related services, not EXEC mode.

So in summary, to authorize specific users to run certain configuration commands, use the command “aaa authorization exec default local” in conjunction with configuring the privilege levels and authorized commands for each user in the local database.
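
The following IOS configuration is an added example, not part of the original question or answer. It shows the answer command alongside the local database entries and privilege-level assignments the summary refers to. The usernames, privilege level 7, the chosen commands and the secrets are assumptions for illustration.

```cisco
! Constructed example: usernames, level 7 and secrets are placeholders.
aaa new-model
!
! Local user database. The privilege level is stored with each user.
! Keep a level-15 account so administrators are not locked out.
username admin privilege 15 secret <REPLACE-WITH-ADMIN-SECRET>
username netops privilege 7 secret <REPLACE-WITH-NETOPS-SECRET>
!
! Make a small set of configuration commands available at level 7.
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 description
!
! Authentication: validate the user's identity against the local database.
aaa authentication login default local
!
! Authorization (answer D): when the EXEC session starts, look the user up
! in the local database and apply the privilege level stored there.
aaa authorization exec default local
!
! EXEC authorization is not applied to the console line unless
! "aaa authorization console" is also configured.
!
! Verify from a session logged in as netops:
!   show privilege
! The session should report privilege level 7, and commands that have not
! been moved to level 7 or below should be rejected.
```

With AAA enabled but without the "aaa authorization exec" line, the privilege level stored for netops is not applied at login, so the per-level command assignments have no effect for that user.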
