Category: System Operations
2008-05-21 17:04:26
authorization
AAA authorization enables you to limit the services available to a user.
Named method lists for authorization.
Method lists for authorization define the way authorization will be performed and the sequence in which these methods will be tried.
Method lists are specific to the authorization type requested:
auth-proxy --> applies specific security policies on a per-user basis.
commands --> applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
exec --> applies to the attributes associated with a user's terminal session.
network --> applies to network connections, including PPP, SLIP, or ARAP connections.
reverse-access --> applies to reverse Telnet sessions.
When you create a named method list, you are defining a particular list of authorization methods for the specified authorization type:
tacacs+ --> use TACACS+ for authorization.
if-authenticated --> if the user has authenticated successfully, the user is authorized.
none --> no authorization is performed.
local --> use the locally defined usernames for authorization.
radius --> use RADIUS for authorization.
1. aaa authorization {auth-proxy | network | exec | commands level | reverse-access | configuration | ip mobile} {default | list-name} [method1 [method2...]]
// Creates an authorization method list for a particular authorization type and enables authorization.
2. line [aux | console | tty | vty] line-number [ending-line-number]
or
interface interface-type number
// Enters the line or interface to which you want to apply the authorization method list.
3. authorization {arap | commands level | exec | reverse-access} {default | list-name}
or
ppp authorization {default | list-name}
// Applies the authorization list to the line or interface.
Disabling authorization for configuration commands:
(config)# no aaa authorization config-commands
Authorizing reverse Telnet:
aaa authorization reverse-access method1 [method2...]
Named Method List Configuration Example:
This is configured on an AS5300, with AAA provided by a RADIUS server. If the RADIUS server fails to respond, the local database is queried for authentication and authorization information; accounting is handled by a TACACS+ server.
aaa new-model
aaa authentication login admins local
aaa authentication ppp dialins group radius local
aaa authorization network scoobee group radius local
aaa accounting network charley start-stop group radius
username root password alongpassword
radius-server host alcattaz
radius-server key myradiuspassword
interface group-async 1
 group-range 1 16
 encapsulation ppp
 ppp authentication chap dialins
 ppp authorization scoobee
 ppp accounting charley
line 1 16
 autoselect ppp
 autoselect during-login
 login authentication admins
 modem dialin
The authorization method list used here is named scoobee, and the authentication method list is dialins.
Accounting uses the method list named charley.
The autoselect ppp command configures the Cisco IOS software to allow a PPP session to start up automatically on these selected lines; it applies to the selected lines and lets the line detect and start PPP on its own.
The following example shows how to allow network authorization using TACACS+:
aaa authorization network default group tacacs+
The following example shows how to provide the same authorization, but it also
creates address pools called "mci" and "att":
aaa authorization network default group tacacs+
ip address-pool local
ip local-pool mci 172.16.0.1 172.16.0.255
ip local-pool att 172.17.0.1 172.17.0.255
RADIUS authorization example:
aaa new-model
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
radius-server host <ip-address>
radius-server key <key>
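The three-step procedure above (define a method list, enter the line or interface, apply the list) leaves room for mistakes that the router will not refuse: a list that ends in none, a list with only server groups and no local or if-authenticated fallback, or a ppp authorization / authorization exec command naming a list that was never defined. The following audit script is an added example, not part of the original post or of Cisco IOS; it parses the aaa authorization syntax shown in step 1 and the apply commands of step 3 over a constructed sample config and reports those three problems. The sample list names lab and typo-list are assumed for illustration.

```python
import re

# "aaa authorization <type> [level] {default|list-name} method1 [method2 ...]" (step 1 above)
AAA_AUTHZ = re.compile(
    r"^aaa authorization (?P<type>auth-proxy|network|exec|commands|reverse-access|"
    r"configuration|ip mobile)(?: (?P<level>\d+))? (?P<name>\S+) (?P<methods>.+)$"
)
# Commands that apply a named list to a line or interface (step 3 above)
APPLY = re.compile(
    r"^(?:ppp authorization|authorization (?:arap|exec|reverse-access|commands \d+)) (?P<name>\S+)$"
)
# Constructed sample config; the 'lab' list and the 'typo-list' reference are deliberate mistakes
SAMPLE_CONFIG = """\
aaa authorization network scoobee group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization commands 15 admins group tacacs+
aaa authorization network lab none
interface group-async 1
 ppp authorization scoobee
line 1 16
 authorization exec typo-list
"""

def parse_method_lists(config):
    """Map (authorization type, list name) to its ordered methods; 'group X' is kept as one token."""
    lists = {}
    for raw in config.splitlines():
        m = AAA_AUTHZ.match(raw.strip())
        if m:
            tokens, methods = m["methods"].split(), []
            while tokens:
                tok = tokens.pop(0)
                methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
            lists[(m["type"], m["name"])] = methods
    return lists

def audit(config):
    """Flag 'none', server-only lists without a fallback, and references to undefined lists."""
    lists = parse_method_lists(config)
    findings = []
    for (typ, name), methods in lists.items():
        if "none" in methods:
            findings.append(f"{typ}/{name}: uses 'none', so authorization is skipped")
        if all(m.startswith("group ") for m in methods):
            findings.append(f"{typ}/{name}: no local/if-authenticated fallback if the servers are unreachable")
    defined = {name for _, name in lists}
    for raw in config.splitlines():
        a = APPLY.match(raw.strip())
        if a and a["name"] != "default" and a["name"] not in defined:
            findings.append(f"{a['name']}: applied on a line/interface but never defined")
    return findings
```

Running audit(SAMPLE_CONFIG) reports commands/admins (no fallback), network/lab (none) and typo-list (undefined); the scoobee list from the AS5300 example passes because it falls back to local.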