192 Configuring Authentication, Authorization, and Accounting• The aaa authorization exec “tacex” tacacs commandcreates an exec authorization method list called tacex which contains themethod tacacs.• The authorization exec tacex command assigns the tacex execauthorization method list to be used for users accessing the switch viatelnet.Notes:• If the privilege level is zero (that is, blocked), then authorization will failand the user will be denied access to the switch.• If the privilege level is higher than one, the user will be placed directly inPrivileged EXEC mode. Note that all commands in Privileged EXEC moderequire privilege level 14, so assigning a user a lower privilege level will beof no value.• A privilege level greater than 15 is invalid and treated as if privilege levelzero had been supplied.• The shell service must be enabled on the TACACS+ server. If this serviceis not enabled, authorization will fail and the user will be denied access tothe switch.TACACS+ Authorization Example—Administrative ProfilesThe switch should use the same configuration as for the previousauthorization example.The TACACS+ server should be configured such that it will send the “roles”attribute. For example:shell:roles=router-adminThe above example attribute will give the user access to the commandspermitted by the router-admin profile.NOTE: If the priv-lvl attribute is also supplied, the user can also be placed directlyinto privileged EXEC mode.