Please could you help me with my question:
My Cisco router R1 aaa configuration:
username user1 privilege 15 password user1
username user2 password user2
aaa authentication login default local
aaa authorization exec default local
aaa authentication ppp PPP_MODEM local
aaa authorization network PPP_MODEM local
So, I want to:
allow user1 to have full terminal access to R1
deny user2 to have any terminal access to R1 but allow user2 to connect to R1 via PPP.
I can configure privilege 0 to user2, but user2 will be able to access R1 terminal lines!
How can I prevent user2 to have management access to R1 using only local AAA services?