[c-nsp] TACACS+ & console port auto-anable mode

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sat Jul 9 13:08:32 EDT 2005


Elmar K. Bins <mailto:elmi at 4ever.de> wrote on Saturday, July 09, 2005
3:15 PM:
>>> aaa authorization console
>> 
>> this is the one which enables authorization on the console, which is
>> disabled by default (for some good reason, IMHO). Please see
>> http://www.cisco.com/warp/public/480/8.shtml#t3
> 
> Says nothing more than that it has only been implemented as soon as it
> had been implemented.
> 
> What's the good reason? The page you reference mentions "being locked
> out", but I'm not really getting it.

well, imagine you fat-finger an authorization or tacacs command causing
exec or command authorization to fail. There is no way to correct this
error as you won't be able to login or won't be able to execute any
commands. Console access is then one of the few ways to fix the
situation (there are others, I know).

	oli



More information about the cisco-nsp mailing list