From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Tue Oct 11 2005 - 17:13:23 GMT-3
Aaa authorization console
Global configuration command.
Once you do this you can set line con authorization.
IOS should tell you that you cannot set authorization levels though on
console without global command.
HTH,
andy
-----Original Message-----
From: Schulz, Dave [mailto:DSchulz@dpsciences.com]
Sent: Tuesday, October 11, 2005 8:10 AM
To: istong@stong.org; ccielab@groupstudy.com
Subject: RE: Privilege access from console vs. telnet
Ian -
Thanks for taking a look at this one. I removed the privilege level and
add ed the aaa authentication login vty local, and I still get the same
results. It appears that the vty is working correctly both ways. Only
the console appears to be the issue, as if the aaa is no affected by
anything having to do with privileges. Very strange!
Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: Ian Stong [mailto:istong@stong.org]
Sent: Tuesday, October 11, 2005 10:45 AM
To: Schulz, Dave; ccielab@groupstudy.com
Subject: RE: Privilege access from console vs. telnet
Seems from your config you have priv level 15 on the line and console so
I would expect that users get level 15 once on. Suggest removing that
command from both the line vty 0 4 and console and then adding login
authentication vty
Sample of other commands:
aaa new-model
aaa authentication login default local
aaa authentication login vty local
aaa authentication login exec enable
aaa authorization exec default local
aaa authorization commands 7 default local
aaa authorization commands 15 default local
Thanks,
Ian
www.ccie4u.com
Rack Rentals and Lab Scenarios starting at only $12
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Schulz, Dave
Sent: Tuesday, October 11, 2005 10:21 AM
To: ccielab@groupstudy.com
Subject: Privilege access from console vs. telnet
Group -
I am having an issue working with some of the privilege commands. See
the below configuration.....This works correct when using telnet to the
router (access to priv 7 and 15 levels). However, I cannot get the
access to the console to work as it should. Privilege level 7 users go
directly into level 15 privilege level. Any thoughts?
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
aaa new-model
aaa authentication username-prompt And_You_Are
aaa authentication login default local-case
aaa authorization exec default local
enable password cisco
!
username cisco privilege 15 password 0 cisco
username ddd privilege 7 password 0 ttt
username test7 privilege 7 password 0 test7
!
interface Loopback0
ip address 20.20.20.20 255.255.255.0
!
interface Serial0
ip address 192.168.1.2 255.255.255.0
no fair-queue
!
privilege exec level 7 show
!
line con 0
privilege level 15
password cisco
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password cisco
logging synchronous
!
end
R2#
Dave Schulz,
Email: dschulz@dpsciences.com <mailto:dschulz@dpsciences.com >
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3