Does TACACS+ Authorisation work with console?

Unanswered Question
Dec 15th, 2008


I havce configured routers fo ACS Login with 2 users with different Privilage level. When I log in through telnet it works fine with different privilage level, but when i log in through console the authorisation does not take place properly and i get all privilages for users with lesser privilages also.

All my authorisation is also done in ACS.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Collin Clark Mon, 12/15/2008 - 06:15

Yes in can work with console access, I have it working.

Hope that helps.

Richard Burts Mon, 12/15/2008 - 14:49


There is a reason that it is not working for you and a way to get it to work. It is not working for you because by default authorization does not process on the console connection. Cisco does this as a safety mechanism, because if you configure authorization and get it wrong you can lock yourself out of the router. If authorization does not process on the console then you have a way to recover without needing to blow away the config and recreate it.

If you want authorization to process on the console and you are willing to live with the risk then you can enable authorization on the console using this command:

aaa authorization console




This Discussion