Configuring feature policy
Procedure
NOTE:
If a command must be preceded by the execution of another command, you must first permit both commands for the command authorization group. You can then configure the rule.
In this example, the network-admin
role
is granted access to the "feature:rwx:ospf"
feature
policy. The sequence
parameter is used to give
order to the sequence of commands to be executed.See: example
Configuring feature rules
# aaa authorization group "network-admin" 1 match-command "command:^configure$" permit
# aaa authorization group "network-admin" 2 match-command "command:configure feature" permit log
# aaa authorization group "network-admin" 1 match-command "feature:rwx:ospf" permit log