Is it possible to make authorization using local database (not tacacs or radius)?
I have username admin that has to have access to configuration on router. I also have usename and passwords for IPsec users, but they shouldn't have access to configuration. But both (if they know enable secret) can enter privilege level.
Your config looks appropriate to accomplish what you are trying to. I use this (usually as backup for TACACS), and it works great. Have you tried your config and had issues? The only difference from my working configs is I do not have aaa authoriz commands 0 and 15 in my config.
One side note, if it's a recent IOS I suggest using secret instead of password for your local users. That will prevent the password from being reversed if someone gets your config. For example:
Yes I tried that config and it doesn't work. It works with tacacs, but with local authentication/authorization all users regardless of privilege level, can enter privilege mod (enable) if they now appropriate enable secret.
Is there a way that I can acomplish this with local authorization: when user1 tries to enter enable mod, he will be rejected because whe has prevelege level 0.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :