Re: aaa authorization console

From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Tue Aug 07 2007 - 01:25:08 ART

• Next message: John Parker: "Re: Dynamips for SP Lab"
• Previous message: Brian Dennis: "Re: aaa authorization console"
• Maybe in reply to: Toh Soon, Lim: "aaa authorization console"
• Next in thread: Paul Howell: "Re: aaa authorization console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Brian,

I had previously added that command as mentioned in my post. It works.

I guess the command "aaa authorization console" is required as far as
console authorization is concerned.

I twisted the config a little as follows:

!
aaa new-model
aaa authentication login MYLOGIN local-case
aaa authorization exec MYAUTHO local
!
username user1 privilege 15 secret cisco123
!
line con 0
 password cisco123
 login authentication MYLOGIN
 authorization exec MYAUTHO
!

I faced the same problem until I configured "aaa authorization console".

Thank you.

B.Rgds,
Lim TS

On 8/7/07, Brian Dennis <bdennis@internetworkexpert.com> wrote:
>
> Try adding this command to the global configuration:
>
> aaa authorization console
>
> Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> On Aug 6, 2007, at 3:35 PM, Toh Soon, Lim wrote:
>
> > Hi Group,
> >
> > I'm facing an issue with the following AAA config:
> >
> > !
> > aaa new-model
> > aaa authentication login default local-case
> > aaa authorization exec default local
> > !
> > username user1 privilege 15 secret cisco123
> > !
> > line con 0
> > password cisco123
> > !
> > line vty 0 4
> > password cisco123
> > !
> >
> > When I telnet to the router and log in as user1, I'm put to
> > privileged EXEC
> > mode (Router# prompt). However, when I console and log in as user1,
> > I'm only
> > put to user EXEC mode (Router> prompt). I have to type enable and
> > provide
> > the enable secret password to get to Level 15. What am I missing here?
> >
> > I resolve the issue by adding the global command "aaa authorization
> > console". Advise me if this is the right thing to do.
> >
> > I'm kinda confused with the command reference in DocCD that says:
> >
> > This command (aaa authorization console) by itself does not turn on
> > authorization of the console line. It needs to be used in
> > conjunction with
> > the authorization command under console line configurations.
> >
> >
> > Thank you.
> >
> > B.Rgds,
> > Lim TS
> >
> > ______________________________________________________________________
> > _
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: John Parker: "Re: Dynamips for SP Lab"
• Previous message: Brian Dennis: "Re: aaa authorization console"
• Maybe in reply to: Toh Soon, Lim: "aaa authorization console"
• Next in thread: Paul Howell: "Re: aaa authorization console"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART