[c-nsp] aaa different for console logins?
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Jan 11 15:34:15 EST 2005
> Anyone know why when using aaa for administrative login
> authentication, returning Service-Type = Administrative-User will
> give enable access to a telnet user, but only exec access to a
> console login?
>
> aaa new-model
> aaa authentication login default group radius local
> aaa authorization exec default group radius local
> aaa accounting exec default start-stop group radius
By default, console sessions are not authorized via AAA (a safeguard
against a misconfigured authorization). Configure "aaa authorization
console" (could be hidden, depending on IOS release) if you want to
change this behaviour.
oli
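
The behaviour described in the reply, as a config check (an added example, not part of the original thread). The function name and the sample configs are constructed for illustration; the check only considers the default exec authorization method list, as in the quoted configuration.

```python
import re

# Constructed sample: the aaa lines quoted in the post plus two line stanzas.
QUOTED_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
!
line con 0
line vty 0 4
"""

# Same config with the global command named in the reply inserted.
WITH_CONSOLE = QUOTED_CONFIG.replace(
    "!\nline con 0", "aaa authorization console\n!\nline con 0"
)


def exec_authorization_scope(config: str) -> dict:
    """Return which session types are subject to AAA exec authorization.

    Hypothetical helper: it looks only at the default method list and the
    global 'aaa authorization console' command.
    """
    lines = [line.strip() for line in config.splitlines()]
    new_model = "aaa new-model" in lines
    exec_default = any(
        re.match(r"aaa authorization exec default\b", line) for line in lines
    )
    # A line reading 'no aaa authorization console' does not match here.
    console_cmd = "aaa authorization console" in lines
    active = new_model and exec_default
    return {
        "vty": active,                     # telnet/ssh sessions
        "console": active and console_cmd  # console skipped unless enabled
    }


if __name__ == "__main__":
    for name, cfg in (("quoted", QUOTED_CONFIG), ("with console", WITH_CONSOLE)):
        print(name, exec_authorization_scope(cfg))
```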