[c-nsp] AAA authorization exec
Kanagaraj Krishna
kanagaraj at aims.com.my
Mon Mar 27 02:46:15 EST 2006
Hi,
Here a few follow-up questions:
- Does the 'default' list affect AUX as well? In my case it didn't.
- In that if I create a method list and specifically apply it to the vty
lines, is it still necessary to create and apply "aaa authentication login
method none" to con/aux?
Thanks.
Regards,
Kana
----- Original Message -----
From: "Ebben Aries" <Ebben.Aries at albertsons.com>
To: "Kanagaraj Krishna" <kanagaraj at aims.com.my>
Sent: Wednesday, March 22, 2006 1:24 AM
Subject: RE: [c-nsp] AAA authorization exec
> If you use a 'default' list, it will be applied to the console line as
> well. Good rule of thumb if you do not want any
> authentication/authorization on your console line is to use named method
> lists and apply them specifically to your console/aux/vty lines
>
> ...
> MoGoIT
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Kanagaraj
> Krishna
> Sent: Tuesday, March 21, 2006 9:55 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] AAA authorization exec
>
> Hi,
> I've been exploring all the commands available for AAA authorization
> for my
> tacacs+ setup (7206VXR). One of the commands tried out was
>
> "aaa authorization exec default group tacacs+ local"
>
> For your information I've only set AAA for vty connection but realised
> that
> with that global command inserted, I'm cut out of console access as
> well. Any
> reason for these?
>
> Regards,
> Kana
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list