
ACS authorization problem

Unanswered Question
Jul 31st, 2008

hi,


i have enabled the aaa command authorization tacacs+ for the ASA firewall. since i applied this, all connections through serial cable and telnet session go to authorize with ACS.


my question is: is there a way to enable command authorization for telnet sessions and NOT for the serial console connection? thanks in advance.

Marwan ALshawi Thu, 07/31/2008 - 19:54

then u have to use the command


aaa authentication {telnet | ssh | http | serial} console {LOCAL | server_group [LOCAL]}


for example:


aaa authentication telnet console [ur ACS server]


if u use ur telnet to the ASA inside interface add the following command


telnet 10.1.1.1 255.255.255.255 inside


in the above command only host 10.1.1.1 will be permitted


u can put 0.0.0.0 0.0.0.0 to permit any connection (which is not secure)


good luck


please, if helpful Rate




thetnaing00 Thu, 07/31/2008 - 21:09

hi marwarishawi,


thanks for your reply. but you are talking about authentication, not command authorization. i have done that authentication for telnet session and applied "aaa authorization command ".


the thing is authorization is applicable to all telnet sessions PLUS the serial console session, which i don't want to get authorized.


i want the serial console session to be able to use ALL commands instead of restricted. thanks again.
