Method lists for authorization define the ways that authorization will be performed and the sequence in which these methods will be performed. A method list is simply a named list describing the authorization methods to be queried (such as RADIUS or TACACS+), in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. Cisco IOS software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or all methods defined are exhausted.
Method lists are specific to the authorization type requested:
* Auth-proxy — Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter "Configuring Authentication Proxy" in the "Traffic Filtering“and Firewalls" part of this book”
* Commands — Applies to the EXEC mode com”ands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
* EXEC — Applies to the attributes associated with a user EXEC terminal session.
* Network — Applies to network connections. This can include a PPP, SLIP, or ARAP connection.
* Reverse Access — Applies to reverse Telnet sessions.
When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type.