ACS authorization problem

Unanswered Question
Jul 31st, 2008

hi,

i have enable the aaa command authorization tacacs+ for the ASA firewall.since i apply this, all connectiong through serial cable and telnet session go to authorize with ACS.

my question is that there is a way to enable command authorization for telnet session and NOT for serial console connection. thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Loading.
Marwan ALshawi Thu, 07/31/2008 - 19:54

then u have to use the comman

aaa authentication {telnet | ssh | http | serial} console {LOCAL |

server_group [LOCAL]}

for example:

aaa authentication telnet console [ur ACS server]

if u use ur telnet to the ASA inside interface add the following command

telnet 10.1.1.1 255.255.255.255 inside

in the above comand only host 10.1.1.1 will be permited

u can put 0.0.0.0 0.0.0.0 to permit any connection (which is not secure)

good luck

please, if helpful Rate

thetnaing00 Thu, 07/31/2008 - 21:09

hi marwarishawi,

thanks for your reply. but you are talking about authentication not command authorization.i have done that authenticatin for telnet session and apply "aaa authorization command ".

the thing is authorization is appilicable to all telnet session PLUS serial console session which i don't want to get authorized.

i want serial console session to be able to use ALL commands insted of restricted. thanks again.

Actions

This Discussion