[c-nsp] AAA authorization exec
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Mar 21 15:41:45 EST 2006
Ebben,
by default, authorization is not done on the console (authentication
is). To enable author on the console as well, you need to do enable "aaa
authorization concole".
oli
Ebben Aries <> wrote on Tuesday, March 21, 2006 6:26 PM:
> If you use a 'default' list, it will be applied to the console line as
> well. Good rule of thumb if you do not want any
> authentication/authorization on your console line is to use named
> method lists and apply them specifically to your console/aux/vty lines
>
> ...
> MoGoIT
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Kanagaraj
> Krishna
> Sent: Tuesday, March 21, 2006 9:55 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] AAA authorization exec
>
> Hi,
> I've been exploring all the commands available for AAA
> authorization for my
> tacacs+ setup (7206VXR). One of the commands tried out was
>
> "aaa authorization exec default group tacacs+ local"
>
> For your information I've only set AAA for vty connection but realised
> that
> with that global command inserted, I'm cut out of console access as
> well. Any
> reason for these?
>
> Regards,
> Kana
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list