Re: [nsp] tacas bugs ??

From: Brian (bri@sonicboom.org)
Date: Wed Mar 28 2001 - 12:02:35 EST


Just goes to show you that physical security is part of any security policy.

    Bri

----- Original Message -----
From: "Young, Jason" <Jason.Young@anheuser-busch.com>
To: "'eric chan'" <bigeric123@hotmail.com>; <cisco-nsp@puck.nether.net>
Sent: Wednesday, March 28, 2001 5:58 AM
Subject: RE: [nsp] tacas bugs ??

>
> AAA authorization is not applied to the console port. I ran into this while
> configuring TACACS+ on all of our routers in my previous life. I forget exactly
> what Cisco's rationalization for this is (something to do with functionality in
> case the TACACS+ server fails), but it's documented in several places.
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt1/scauthor.htm#xtocid225285
>
> Jason Young
> CNS - Network Design, Anheuser-Busch
> (314)577-4597
>
>
> > -----Original Message-----
> > From: eric chan [mailto:bigeric123@hotmail.com]
> > Sent: Wednesday, March 28, 2001 12:21 AM
> > To: cisco-nsp@puck.nether.net
> > Subject: [nsp] tacas bugs ??
> >
> >
> > I have set up TACACS with a Cisco router for access control
> >
> > aaa authentication login default group tacas line
> > aaa authentication enable default group tacas enable
> > aaa authorization command 15 default group tacas none.
> >
> > It works very well in a telnet session. However, when I access via console,
> > the authorization part failed, all users can type any command in enable
> > mode. Do you have any idea? Is enable mode through console not using
> > level 15? Thanks
> >
> >
> >
> > eric
> >
>
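
An added example, not part of the original thread: a small running-config audit that flags the situation described above, where AAA command authorization is configured but the console is exempt from it. It assumes an IOS release that supports the global `aaa authorization console` command (not mentioned in the thread); the function name and the sample configs are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_WITHOUT = """\
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 15 default group tacacs+ none
line con 0
line vty 0 4
"""
# Same config with console authorization switched on
# (assumes the IOS release supports this global command).
SAMPLE_WITH = SAMPLE_WITHOUT.replace(
    "line con 0", "aaa authorization console\nline con 0"
)


def audit_console_authorization(config):
    """Return one finding per AAA authorization method list that the
    console port bypasses because 'aaa authorization console' is absent."""
    lines = [line.strip() for line in config.splitlines()]
    # IOS accepts unambiguous abbreviations, so match "command" and "commands".
    authz = [
        line for line in lines
        if re.match(r"aaa authorization (exec|commands?)\b", line)
    ]
    # A "no aaa authorization console" line does not count as enabled.
    console_enabled = any(
        re.fullmatch(r"aaa authorization console", line) for line in lines
    )
    if console_enabled:
        return []
    return ["console not covered by: " + line for line in authz]


if __name__ == "__main__":
    for name, cfg in (("without", SAMPLE_WITHOUT), ("with", SAMPLE_WITH)):
        findings = audit_console_authorization(cfg)
        print(name, "->", findings if findings else "console authorization enabled")
```
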



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:33 EDT