10-18-2009 01:11 PM - edited 03-10-2019 04:44 PM
Hello all,
I have read that it is not advised to enable authentication in console ports. Can any one point out the reasons for this and best practices as well? I am dealing with a 6509 with Sup 720 and IOS 12.2SX.
Thanks a lot in advance!
Nataniel
10-18-2009 04:06 PM
So sorry, meant authorization in console ports :(
10-19-2009 01:44 AM
Nataniel,
It's to prevent the user from accidentally shutting themselves out from
configuring the box"
In other words, what you don't want to have happen is to turn on authorization, have the tacacs+ or radius daemon be unreachable (for whatever) reason, and never again be able to get into your box. It's fine if this happens on vty lines, as long as you have a way to FIX it. Once you can't get to the console anymore, you've got problems.
Regards,
~JG
Do rate helpful posts
10-19-2009 03:54 AM
Hi JG,
Isn't there an option where I can define to avoid authorization if I was authenticated, just for the case when lose my TACACS server?
Thanks once again!
Regards,
Nataniel
10-20-2009 12:32 PM
Hi Nataniel,
"aaa authorization console"command is disabled by default.
So authorization on console is disabled.
Regards,
~JG
Do rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide