Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA

Dear sir,

I have configured AAA authentication on my cisco 3660 router but whenever i am getting connected through console it takes me to the user mode and not the enable mode and i am not able to login to the enable mode although i have the priviledge.While thru telnet i am able to do so

kindly suggest

tejas

3 REPLIES
New Member

Re: AAA

Send your aaa configuration..

What version of IOS are you using? There are some issues with EXEC authorization not working on the console port on some versions of IOS...this is why the service=shell set priv-lvl 15 is not being applied on the console port...

You still should be able to get in through enable, my guess is you have set the enable password to be pulled from the AAA server with this command:

aaa authentication enable default tacacs+

or you are typing in the wrong password set on the router.

New Member

Re: AAA

Send your aaa configuration..

What version of IOS are you using? There are some issues with EXEC authorization not working on the console port on some versions of IOS...this is why the service=shell set priv-lvl 15 is not being applied on the console port...

You still should be able to get in through enable, my guess is you have set the enable password to be pulled from the AAA server with this command:

aaa authentication enable default tacacs+

or you are typing in the wrong password set on the router.

Cisco Employee

Re: AAA

Authorization is usually disabled on the console port by default to stop people locking themselves out of the router. There's a hidden command to enable it:

> aaa authorization console

Try that, but be careful, we did this for a reason (too many people had locked themselves out of their routers, so they have this fall back method). If someone has physical access to the console port on your router, then you have more to worry about than command authorization.

357
Views
0
Helpful
3
Replies
CreatePlease login to create content