New Member

FWSM: Getting to enable mode straightly

Hi!

I've already asked my question, how to get directly to enable mode after logging in to the FWSM via ssh, in the sub forum "general", but I'll try it again here.

I created some users with privilege level 15 that are able to log in to the FWSM via ssh. But after login, they are only in unprivileged mode (FWSM>). To get to enable mode (privileged mode), they have to type in "enable" and their password again. So I want to avoid that second step so my users are in enable mode (FWSM#) straight after they log in via ssh.

Obviously it works when ACS/TACACS/RADIUS is used, due to the line "aaa authorization exec default group tacacs+ if-authenticated", as someone suggested in another posting here.

But does it also work when I just have a FWSM and its local user database?

Thanks,

Marco

3 REPLIES
New Member

Re: FWSM: Getting to enable mode straightly

Yes, "aaa authorization exec default group tacacs+ if-authenticated" will work.

New Member

Re: FWSM: Getting to enable mode straightly

What are the commands to jump directly into enable mode on the FWSM (without typing enable)?

I have the same problem.

Isn't "aaa authorization exec default group tacacs+ if-authenticated" for IOS devices?

Do you know the commands for FWSM?

So far I've been trying:

aaa authentication telnet console TACACS LOCAL

aaa authentication enable console TACACS LOCAL

aaa authentication http console TACACS LOCAL

aaa authentication ssh console TACACS LOCAL

aaa accounting command TACACS

I had some tiny problems with the ACS server. I forgot to change the user configuration:

- Use Group Level TACACS+ Enable control

- Use Cisco Secure PAP password as TACACS+ Enable password.

I also have an issue logging in with users that should have a privilege level between 1 and 15.

I cannot type "enable 2" to jump into privilege level 2 (the FWSM says: not allowed when configured for aaa authentication).

When typing enable (and the ACS group settings say 2), I get the following error message on the ACS server:

T+ enable privilege to low

Have you encountered this problem also?

(BTW the ACS Config works with IOS devices)

Thanx Jarle

Cisco Employee

Re: FWSM: Getting to enable mode straightly

FWSM does not have exec authorization. The user cannot login to privilege level directly. They have to go through "enable".

Regards,

Vivek
