Re: [nsp] tacas bugs ??

From: George Robbins (grr@shandakor.tharsis.com)
Date: Wed Mar 28 2001 - 14:55:45 EST


Sounds like confusion to me - you want to add

        aaa authentication console ...

The trick isn't getting aaa to work, it's getting it to let you in
when your router can't talk to the tacacs server. 8-)

                                                George

> From: "Brian" <bri@sonicboom.org>
> To: "Young, Jason" <Jason.Young@anheuser-busch.com>,
> "'eric chan'" <bigeric123@hotmail.com>, <cisco-nsp@puck.nether.net>
> Subject: Re: [nsp] tacas bugs ??
> Date: Wed, 28 Mar 2001 09:02:35 -0800
>
> Just goes to show you that physical security is part of any security policy.
>
> Bri
>
> ----- Original Message -----
> From: "Young, Jason" <Jason.Young@anheuser-busch.com>
> To: "'eric chan'" <bigeric123@hotmail.com>; <cisco-nsp@puck.nether.net>
> Sent: Wednesday, March 28, 2001 5:58 AM
> Subject: RE: [nsp] tacas bugs ??
>
>
> >
> > AAA authorization is not applied to the console port. I ran into this while
> > configuring TACACS+ on all of our routers in my previous life. I forget exactly
> > what Cisco's rationalization for this is (something to do with functionality in
> > case the TACACS+ server fails), but it's documented in several places.
> >
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt1/scauthor.htm#xtocid225285
> >
> > Jason Young
> > CNS - Network Design, Anheuser-Busch
> > (314)577-4597
> >
> >
> > > -----Original Message-----
> > > From: eric chan [mailto:bigeric123@hotmail.com]
> > > Sent: Wednesday, March 28, 2001 12:21 AM
> > > To: cisco-nsp@puck.nether.net
> > > Subject: [nsp] tacas bugs ??
> > >
> > >
> > > i have setup tacas with cisco router for access control
> > >
> > > aaa authentication login default group tacas line
> > > aaa authentication enable default group tacas enable
> > > aaa authorization command 15 default group tacas none.
> > >
> > > it works very well in telnet session. however, when i access via console,
> > > the authorization part failed, all user can type any command in enable
> > > mode. do you have any idea ?? is enable mode through console not using
> > > level 15 ? thanks
> > >
> > >
> > >
> > > eric
> > >
> >
>
>
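
An added example, not part of the original thread or any poster's code: a small Python check that audits an IOS configuration for the two issues discussed above, command authorization that does not cover the console and method lists that behave badly when the TACACS+ server is unreachable. The sample configuration is constructed from the one quoted in the thread, and `aaa authorization console` is assumed to be the IOS global command that extends authorization to console sessions.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacas line
aaa authentication enable default group tacas enable
aaa authorization command 15 default group tacas none
"""

AAA_LIST = re.compile(
    r"^aaa (authentication|authorization) (login|enable|exec|commands?)"
    r"(?: \d+)? (\S+) (.+)$")
# Assumption: this IOS global command extends authorization to the console.
CONSOLE_AUTHZ = "aaa authorization console"


def split_methods(text):
    """Turn 'group tacas line' into ['group tacas', 'line']."""
    tokens, out = text.rstrip(".").split(), []
    while tokens:
        tok = tokens.pop(0)
        out.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
    return out


def audit(config):
    """Return findings about console coverage and server-outage fallback."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings, command_authz = [], False
    for line in lines:
        m = AAA_LIST.match(line)
        if not m:
            continue
        kind, service, list_name, methods = m.groups()
        methods = split_methods(methods)
        command_authz |= kind == "authorization" and service.startswith("command")
        if all(x.startswith("group ") for x in methods):
            # Only server-backed methods: nobody gets in during an outage.
            findings.append(f"{kind} {service} '{list_name}': no fallback if servers are unreachable")
        elif kind == "authorization" and methods[-1] == "none":
            # 'none' as last resort: no authorization is enforced during an outage.
            findings.append(f"{kind} {service} '{list_name}': unrestricted while servers are unreachable")
    if command_authz and CONSOLE_AUTHZ not in lines:
        findings.append("command authorization is not applied to console sessions")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```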



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:33 EDT