[c-nsp] aaa different for console logins?

John Lyons john at techvictim.net
Tue Jan 11 15:50:19 EST 2005


Hi Jon,

> Anyone know why when using aaa for administrative login
> authentication,
> returning Service-Type = Administrative-User will give enable access
> to a
> telnet user, but only exec access to a console login?
>
> aaa new-model
> aaa authentication login default group radius local
> aaa authorization exec default group radius local
> aaa accounting exec default start-stop group radius

It may be worth trying "aaa authorization console" under line console 0
(It's
a hidden command). Console authorisation wasn't added until CSCdi82030
was
implemented.

John


More information about the cisco-nsp mailing list