Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2162
Views
0
Helpful
2
Replies

aaa authorisation console

Go to solution
l.meyer
Level 1
Level 1

‎07-04-2003 08:37 AM - edited ‎03-10-2019 07:23 AM

Hi,

I want to configure aaa authorisation with tacacs+ for console login, but in the cisco documentation I have found the following line ""Note Authorization is bypassed for authenticated users who log in using the console line, even if authorization has been configured. "" ??? Is it rigth that there are no way to configure authorization for console login ???

THX

Larry

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ywadhavk
Cisco Employee
Cisco Employee
In response to ywadhavk

‎07-04-2003 09:15 AM

Hi Larry,

Some additional info, may be this is what you are experiencing.

Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console.

You can obtain specific information on a Bug ID by using the Bug Toolkit, linked from Tools and Utilities.

Thanks,

yatin

View solution in original post

0 Helpful
2 Replies 2

Go to solution
ywadhavk
Cisco Employee
Cisco Employee

‎07-04-2003 09:08 AM

Hi Larry,

There surely is a way to implement aaa authorization on console.

line con 0

login authentication ....

authorization exec .... <<<==== for authorization

2)

aaa authorization console <<<== in Global Config mode.

Hope this helps,

Yatin

0 Helpful

Go to solution
ywadhavk
Cisco Employee
Cisco Employee
In response to ywadhavk

‎07-04-2003 09:15 AM

Hi Larry,

Some additional info, may be this is what you are experiencing.

Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console.

You can obtain specific information on a Bug ID by using the Bug Toolkit, linked from Tools and Utilities.

Thanks,

yatin

0 Helpful
Customers Also Viewed These Support Documents