FWSM: Getting to enable mode straightly

cco1
Level 1

Hi!

I've already asked my question, how to get directly to enable mode after logging in to the FWSM via SSH, in the sub forum "general", but I'll try it again here.

I created some users with privilege level 15 that are able to log in to the FWSM via SSH. But after logging in, they are only in unprivileged mode (FWSM>). To get to enable mode (privileged mode), they have to type in "enable" and their password again. So I want to avoid that second step so my users are in enable mode (FWSM#) straight after they log in via SSH.

Obviously it works when ACS/TACACS/RADIUS is used, due to the line "aaa authorization exec default group tacacs+ if-authenticated", as someone suggested in another posting here.

But does it also work when I just have a FWSM and its local user database?

Thanks,

Marco

3 Replies

r-simpson
Level 3

Yes, "aaa authorization exec default group tacacs+ if-authenticated" will work.

jsteffensen
Level 1

What are the commands to jump directly into enable mode on the FWSM (without typing enable)?

I have the same problem.

Isn't "aaa authorization exec default group tacacs+ if-authenticated" for IOS devices?

Do you know the commands for FWSM?

So far I've been trying:

aaa authentication telnet console TACACS LOCAL

aaa authentication enable console TACACS LOCAL

aaa authentication http console TACACS LOCAL

aaa authentication ssh console TACACS LOCAL

aaa accounting command TACACS

I had some tiny problems with the ACS server. I forgot to change the user configuration:

- Use Group Level TACACS+ Enable control

- Use Cisco Secure PAP password as TACACS+ Enable password.

I also have an issue logging in with users that should have a privilege level between 1 and 15.

I cannot type "enable 2" to jump into privilege level 2 (the FWSM says: not allowed when configured for aaa authentication).

When typing enable (and the ACS group settings say 2) I get the following error message on the ACS server:

T+ enable privilege to low

Have you encountered this problem also?

(BTW the ACS Config works with IOS devices)

Thanx Jarle

FWSM does not have exec authorization. The user cannot log in to privilege level directly. They have to go through "enable".

Regards,

Vivek