Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ACS authorization problem

Unanswered Question
Jul 31st, 2008
User Badges:


i have enable the aaa command authorization tacacs+ for the ASA firewall.since i apply this, all connectiong through serial cable and telnet session go to authorize with ACS.

my question is that there is a way to enable command authorization for telnet session and NOT for serial console connection. thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Marwan ALshawi Thu, 07/31/2008 - 19:54
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

then u have to use the comman

aaa authentication {telnet | ssh | http | serial} console {LOCAL |

server_group [LOCAL]}

for example:

aaa authentication telnet console [ur ACS server]

if u use ur telnet to the ASA inside interface add the following command

telnet inside

in the above comand only host will be permited

u can put to permit any connection (which is not secure)

good luck

please, if helpful Rate

thetnaing00 Thu, 07/31/2008 - 21:09
User Badges:

hi marwarishawi,

thanks for your reply. but you are talking about authentication not command authorization.i have done that authenticatin for telnet session and apply "aaa authorization command ".

the thing is authorization is appilicable to all telnet session PLUS serial console session which i don't want to get authorized.

i want serial console session to be able to use ALL commands insted of restricted. thanks again.


This Discussion