I'm receiving the message once I include "aaa authorization exec default group radius local if-authenticated" in the config.
Login is successful, however authorization does not allow me to go directly into enable mode. If I take the aaa authorization line out I can log in to user mode and then use the enable password to move forward, but that is not what I wish to achieve.
sh run | i aaa
aaa new-model
aaa authentication attempts login 5
aaa authentication banner ^C
aaa authentication fail-message ^C
aaa authentication login My-RADIUS group radius local
aaa accounting exec My-RADIUS start-stop group radius
aaa session-id common
Is there somewhere specific I was supposed to configure the aaa authorization enabled, because I'm not seeing it.
Thanks for your reply. However, I do wish for the users to be validated against RADIUS before they can use enable commands. When I entered your suggestion I can still authenticate without any problems. However, I still default to user mode. I would like it to default to privilege mode once a user successfully logs in.
Part of what you posted seems to show that you are using non-default methods (My-RADIUS) for authentication and for accounting. It is not clear to me whether a non-default method is also desired for the authorization. Perhaps it would help to clarify if you would post the parts of the config that are for aaa and the parts of the config for the console and vty lines. (complete config might be even better - but these parts would get us started)