Implications of enabling authorization in console

Unanswered Question
Oct 18th, 2009

Hello all,

I have read that it is not advised to enable authentication in console ports. Can anyone point out the reasons for this and best practices as well? I am dealing with a 6509 with Sup 720 and IOS 12.2SX.

Thanks a lot in advance!

Nataniel

Jagdeep Gambhir Mon, 10/19/2009 - 01:44

Nataniel,

"It's to prevent the user from accidentally shutting themselves out from configuring the box"

In other words, what you don't want to have happen is to turn on authorization, have the TACACS+ or RADIUS daemon be unreachable (for whatever reason), and never again be able to get into your box. It's fine if this happens on vty lines, as long as you have a way to FIX it. Once you can't get to the console anymore, you've got problems.

Regards,

~JG

Do rate helpful posts

namendoz Mon, 10/19/2009 - 03:54

Hi JG,

Isn't there an option where I can define to avoid authorization if I was authenticated, just for the case when I lose my TACACS server?

Thanks once again!

Regards,

Nataniel

Jagdeep Gambhir Tue, 10/20/2009 - 12:32

Hi Nataniel,

"aaa authorization console" command is disabled by default.

So authorization on console is disabled.

Regards,

~JG

Do rate helpful posts
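
An added example, not part of the thread and not Cisco's code: a small Python check that reads an IOS configuration and reports the authorization method lists that would govern the console yet have no method usable when the AAA servers are unreachable, which is the lockout described above. The sample configurations and the list name `CONSOLE` are constructed; `local`, `if-authenticated` and `none` are the IOS method keywords treated here as working without a server.

```python
import re

# IOS method keywords that still work when no AAA server answers.
OFFLINE_METHODS = {"local", "if-authenticated", "none"}

def console_lockout_risks(config):
    """Return console-governing method lists with no server-independent method."""
    lines = [l.strip() for l in config.splitlines()]
    # Console authorization stays off unless this global command is present.
    if "aaa authorization console" not in lines:
        return []
    lists, applied, in_con = {}, {}, False
    for l in lines:
        m = re.match(r"aaa authorization (exec|commands \d+) (\S+) (.+)", l)
        if m:  # method list definition: (type, name) -> methods
            lists[(m.group(1), m.group(2))] = set(m.group(3).split())
        elif l.startswith("line "):
            in_con = l.startswith("line con")
        elif in_con:  # named list applied under 'line con 0'
            m = re.match(r"authorization (exec|commands \d+) (\S+)", l)
            if m:
                applied[m.group(1)] = m.group(2)
    risky = []
    for (kind, name), methods in lists.items():
        # The console uses the list named on the line, else 'default'.
        if applied.get(kind, "default") == name and not OFFLINE_METHODS & methods:
            risky.append(f"{kind} {name}")
    return risky

# Constructed sample configurations (not taken from the thread).
RISKY = """
aaa new-model
aaa authorization console
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+ local
line con 0
"""
SAFER = """
aaa new-model
aaa authorization console
aaa authorization exec default group tacacs+
aaa authorization exec CONSOLE group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local
line con 0
 authorization exec CONSOLE
"""

if __name__ == "__main__":
    print(console_lockout_risks(RISKY), console_lockout_risks(SAFER))
```

A later method in a list is tried only when the earlier one gets no response from the server, not when the server denies the request.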
