AAA authentication session to FWSM module

Unanswered Question
Jul 27th, 2010

I need to pose a question:

I understand that the authentication process is managed in the admin context...I presently have the module set up to authenticate with a local account. However, I'd like to configure the telnet session from the switch to the FWSM using AAA.

I have a configuration on the specific contexts that allow me to SSH into the contexts, using AAA authentication, as follows:

aaa-server <group> protocol tacacs+
aaa-server <group> (outside interface) host <ip>
aaa-server <group> (outside interface) host <ip>
aaa auth en con <group> LOCAL
aaa auth ssh con <group> LOCAL

I'm a little leery about modifying the admin context for the type of auth (don't want to lock myself out)...

So, my question is, as long as I can communicate with the TACACS appliance(s) from the admin context, should the config that I'm using work for my telnet session from the switch to the FWSM?

thanks.

bruce

Bruce Summers Tue, 07/27/2010 - 17:29

Well,

I got it to work up to the point of authenticating the enable access...

So, when I authenticate into user mode to the FWSM, it performs the auth...when I then try to enter exec mode (Enable) it isn't auth aaa...it's using the local database...

thoughts?

bruce
