topic Please share the line Con 0 in Network Access Control

AAA commands

saxenanitesh8522 — Mon, 11 Mar 2019 07:15:25 GMT

Dear All,

i want to enable aaa on the ios switch on ssh and telnet and not on console access. i am putting the below commands

phase 1:-

aaa authentication login default group TACACS_SERVERS local
aaa authentication login CONSOLE local
aaa authentication enable default group TACACS_SERVERS enable
aaa session-id common
!
aaa authorization config-commands
aaa authorization exec CONSOLE none

aaa authorization exec default group TACACS_SERVERS local

this way i am able to login to console using local username and password but the enable password is not working.

does it require the below commands as well to make it work. as i dont want console users to be authenticated through AAA.

aaa authorization commands 0 default group TACACS_SERVERS if-authenticated
aaa authorization commands 1 default group TACACS_SERVERS if-authenticated
aaa authorization commands 15 default group TACACS_SERVERS if-authenticated

Please share the line Con 0

Gagandeep Singh — Fri, 25 Nov 2016 15:19:17 GMT

Please share the line Con 0 configuration from IOS switch.

Do you have local enable password set ?

Regards

Gagan

this command aaa

yalbikaw — Sat, 26 Nov 2016 13:53:51 GMT

this command aaa authorization exec CONSOLE none

will put you directly in privilege mode the enable will not be prompted. when you access from console

but of course you need to use the local user name and password for authentication

those:

aaa authorization commands 1 default group TACACS_SERVERS if-authenticated
aaa authorization commands 15 default group TACACS_SERVERS if-authenticated

required only if you want to authorize the commands !, so make sure to configure the ACS or any authentication server properly

because each command you type will be forwarded to ACS for authorization permission.

Yazan