[c-nsp] Cisco ACS tacacs console login fails.

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue May 13 13:55:41 EDT 2008


Arne Larsen / Region Nordjylland wrote on Tuesday, May 13, 2008 6:47 PM:

> Hi Folks.
> 
> Is there someone that can point me in the right direction?
> We are using tacacs on Cisco ACS v 4.1. This works fine when we are
> accessing the boxes via telnet. It authenticates us and lets us
> directly into privilege mode on the switches and routers. But when we
> are using the console port it just authenticates, and doesn't let us
> in at all, even if we try to enable with the enable password.

Privilege level assignment is part of authorization, and authorization
is disabled by default on console ports (in an attempt to prevent
misconfigured authorization from locking you out). You need to enable it
via "aaa authorization console". Make sure you test AAA failover before
doing so; in your case, I would add "if-authenticated" or "none" as a
fallback method for all "aaa authorization .." statements (incl. cmd
author.)

	oli
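
The check suggested in the reply above, as an added example that is not part of the original post: a small Python audit that reports whether console authorization is enabled and which "aaa authorization" method lists lack an "if-authenticated" or "none" fallback. The function name and the sample configuration are constructed for illustration; only the two fallbacks named in the post are accepted.

```python
# Added example: audit an IOS configuration for the lockout risk described above.
FALLBACKS = {"if-authenticated", "none"}   # the two fallbacks named in the post
FLAGS = {"console", "config-commands"}     # keywords that take no method list

def audit_aaa_authorization(config_text):
    """Return (console_enabled, findings) for an IOS configuration.

    findings lists every "aaa authorization" method list whose last
    method is not one of FALLBACKS, i.e. a list that denies everything
    when the TACACS+ server is unreachable.
    """
    console_enabled = False
    findings = []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[:2] != ["aaa", "authorization"] or len(tokens) < 3:
            continue
        kind = tokens[2]
        if kind in FLAGS:
            console_enabled |= kind == "console"
            continue
        # "commands" carries a privilege level before the list name.
        skip = 5 if kind == "commands" else 4
        methods = tokens[skip:]
        if not methods or methods[-1] not in FALLBACKS:
            findings.append(raw.strip())
    return console_enabled, findings

# Constructed sample: console authorization is on, but command
# authorization has no fallback if the ACS server cannot be reached.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+
"""

if __name__ == "__main__":
    console, missing = audit_aaa_authorization(SAMPLE)
    print("console authorization enabled:", console)
    for line in missing:
        print("no fallback method:", line)
```
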

