Configuring feature policy
Procedure
NOTE:
If a command must be preceded by the execution of another command, you must first permit both commands for the command authorization group. You can then configure the rule.
In this example, the
network-admin
role is granted access to the
"feature:rwx:ospf"
feature policy. The
sequence
parameter is used to give order to the sequence of commands to be executed.See: example
Configuring feature rules
switch# aaa authorization group "network-admin" 1 match-command "command:^configure$" permit switch# aaa authorization group "network-admin" 2 match-command "command:configure feature" permit log switch# aaa authorization group "network-admin" 1 match-command "feature:rwx:ospf" permit log