Hi guys,
I'm working on AAA and it's not the first time I get stuck here.
If I have a local user with privilege level 7 like this one:
username cisco privilege 7 pass cisco
Why, if I authorize him with if-authenticated, do I only get privilege 1?
aaa authentication login VTY group tacacs+ local
aaa authorization exec VTY group tacacs+ if-authenticated
line vty 0 4
 password line
 authorization exec VTY
 login authentication VTY
 transport input telnet
Telnet to R1:
USER: admin
PASSWORD:
Rack1R1>
Rack1R1>show priv
Current privilege level is 1
Checking the AAA conf guide, I find this:
To allow users to have access to the functions they request as long as they
have been authenticated, use the aaa authorization command with the
if-authenticated method keyword. If this method is selected, all requested
functions are automatically granted to authenticated users.
Then I don't understand.
BTW, if I change the conf to local instead of if-authenticated, I get
privilege 7 as expected.
Thanks
-- @ccie99999
Received on Fri Sep 21 2012 - 03:56:34 ART