Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

ACS command authorisation on console

Hi,

We are trying to set up command authoristaion.

On VTY evrythings working out but it is not authorising anything on console.

In debugging aaa authorisation it only tells me :

Jun 17 01:45:50: AAA/AUTHOR: authenticated console user is permitted

Anyone any thought on this ?

Tia,

Tom

4 REPLIES
Hall of Fame Super Gold

Re: ACS command authorisation on console

Tom

What you are encountering is standard behavior for IOS. Cisco, on purpose, does not do authorization on the console by default. The reasoning was that authorization on the console has real potential to lock you out of the router is you are careless or do not understand well what you are doing when you set up authorization. There is a command that will cause the router to do authorization on the console as well as the vty ports. If you want it try this:

aaa authorization console

HTH

Rick

New Member

Re: ACS command authorisation on console

Ok,

It seems to be a hidden command as "aaa authorisation" with a question mark does not list the console option. But the command does go to the config.

This doe seem to be the thing I am looking for. I will post the results tomorrow.

Thanx

Hall of Fame Super Gold

Re: ACS command authorisation on console

Tom

Yes it is a hidden command. It does work if configured (and I believe it will be the answer to what you are trying to do). Cisco has positioned it so that you would not do this accidentally. I believe that the risk factor is relatively high with this, so Cisco puts it there if you intentionally use it but makes it obscure as a way of protecting people.

HTH

Rick

New Member

Re: ACS command authorisation on console

It works like a charm.

Thank you !

Tom

144
Views
5
Helpful
4
Replies
CreatePlease to create content