[c-nsp] aaa different for console logins?
Jon Lewis
jlewis at lewis.org
Tue Jan 11 15:08:50 EST 2005
On Tue, 11 Jan 2005, Josh Duffek wrote:
> joshd(config)#line con 0
> joshd(config-line)#authorization exec ?
> WORD Use an authorization list with this name
> default Use the default authorization list
That doesn't appear to make a difference.
aaa new-model
aaa authentication login default group radius local
aaa authentication login console group radius local
aaa authorization exec default group radius local
aaa authorization exec console group radius local
aaa accounting exec default start-stop group radius
...
line con 0
authorization exec console
login authentication console
line vty 0 4
!
end
Without any config in the vty 0 4 section, having set the login and exec
defaults suffices. Even with the above console additions, console logins
still only get exec (rather than enable) access.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list