Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

aaa authorisation console

Hi,

I want to configure aaa authorisation with tacacs+ for console login, but in the cisco documentation I have found the following line ""Note Authorization is bypassed for authenticated users who log in using the console line, even if authorization has been configured. "" ??? Is it rigth that there are no way to configure authorization for console login ???

THX

Larry

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: aaa authorisation console

Hi Larry,

Some additional info, may be this is what you are experiencing.

Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console.

You can obtain specific information on a Bug ID by using the Bug Toolkit, linked from Tools and Utilities.

Thanks,

yatin

2 REPLIES
Cisco Employee

Re: aaa authorisation console

Hi Larry,

There surely is a way to implement aaa authorization on console.

line con 0

login authentication ....

authorization exec .... <<<==== for authorization

2)

aaa authorization console <<<== in Global Config mode.

Hope this helps,

Yatin

Cisco Employee

Re: aaa authorisation console

Hi Larry,

Some additional info, may be this is what you are experiencing.

Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console.

You can obtain specific information on a Bug ID by using the Bug Toolkit, linked from Tools and Utilities.

Thanks,

yatin

170
Views
0
Helpful
2
Replies