ACS authorization problem

Unanswered Question
Jul 31st, 2008


i have enable the aaa command authorization tacacs+ for the ASA firewall.since i apply this, all connectiong through serial cable and telnet session go to authorize with ACS.

my question is that there is a way to enable command authorization for telnet session and NOT for serial console connection. thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Marwan ALshawi Thu, 07/31/2008 - 19:54

then u have to use the comman

aaa authentication {telnet | ssh | http | serial} console {LOCAL |

server_group [LOCAL]}

for example:

aaa authentication telnet console [ur ACS server]

if u use ur telnet to the ASA inside interface add the following command

telnet inside

in the above comand only host will be permited

u can put to permit any connection (which is not secure)

good luck

please, if helpful Rate

thetnaing00 Thu, 07/31/2008 - 21:09

hi marwarishawi,

thanks for your reply. but you are talking about authentication not command authorization.i have done that authenticatin for telnet session and apply "aaa authorization command ".

the thing is authorization is appilicable to all telnet session PLUS serial console session which i don't want to get authorized.

i want serial console session to be able to use ALL commands insted of restricted. thanks again.


This Discussion