AAA authorization is not applied to the console port. I ran into this while
configuring TACACS+ on all of our routers in my previous life. I forget exactly
what Cisco's rationalization for this is (something to do with functionality in
case the TACACS+ server fails), but it's documented in several places.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur
_c/scprt1/scauthor.htm#xtocid225285
Jason Young
CNS - Network Design, Anheuser-Busch
(314)577-4597
> -----Original Message-----
> From: eric chan [mailto:bigeric123@hotmail.com]
> Sent: Wednesday, March 28, 2001 12:21 AM
> To: cisco-nsp@puck.nether.net
> Subject: [nsp] tacas bugs ??
>
>
> i have setup tacas with cisco router for access control
>
> aaa authentication login default group tacas line
> aaa authentication enable default group tacas enable
> aaa authorization command 15 default group tacas none.
>
> it works very well in telnet session. however, when i access
> via console,
> the authorization part failed, all user can type any
> command in enable
> mode. do you have any idea ?? is enable mode through console
> not useing
> level 15 ? thanks
>
>
>
> eric
> ______________________________________________________________
> ___________
> Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com.
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:33 EDT