https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817870#M581290 <P>Yes, my assumption was that you were using a TACACS server.&nbsp; If you aren't, just make sure your default group is local instead of TACACS-GROUP.&nbsp;&nbsp;</P> Wed, 19 Apr 2023 16:42:58 GMT Christopher Bell 2023-04-19T16:42:58Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816955#M581244 <P>Hello,<BR /><BR />Is my understand correct that second command means that all the time when I log in on the device via SSH - it will immediately place me into Privilege\Enable mode without asking Enable password?<BR />Would it be the same if I log in via Console?&nbsp;<BR />1)aaa authentication login default group TACACS-GROUP local&nbsp;<BR />2)aaa authorization exec default group&nbsp; TACACS-GROUP if-authenticated</P> Tue, 18 Apr 2023 13:34:03 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816955#M581244 karenmelkonyanstu 2023-04-18T13:34:03Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816964#M581245 <P>I think NO&nbsp;<BR />you need aaa authentication enable default group .....LOCAL&nbsp;</P> <P>the&nbsp;<BR /><SPAN>aaa authorization exec default group&nbsp; TACACS-GROUP if-authenticated &lt;&lt;- make you allow to enter enable command&nbsp;<BR /></SPAN>then the SW/R ask for password which you need to config local or via AAA.</P> Tue, 18 Apr 2023 13:44:58 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816964#M581245 MHM Cisco World 2023-04-18T13:44:58Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816977#M581246 <P>"Is my understand correct that second command means that all the time when I log in on the device via SSH - it will immediately place me into Privilege\Enable mode without asking Enable password?" see below.</P> <P><A href="https://community.cisco.com/t5/network-access-control/if-authenticated/td-p/1248124" target="_blank">https://community.cisco.com/t5/network-access-control/if-authenticated/td-p/1248124</A></P> <P>"Would it be the same if I log in via Console? "</P> <P>provided you configured console line login authentication default</P> Tue, 18 Apr 2023 13:57:16 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816977#M581246 Ambuj M 2023-04-18T13:57:16Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816983#M581247 <P>Correct. If you are using a TACACS server, you can use your auth profile in the policy set to either restrict commands or grant priv 15.&nbsp;&nbsp;</P><P>&nbsp;</P> Tue, 18 Apr 2023 14:15:09 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4816983#M581247 Christopher Bell 2023-04-18T14:15:09Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817839#M581284 <P>Thanks Everyone for your time Guys.<BR /><BR />Thanks MHM - my second question was weather switch\router will require me to enter TACACS Credentials if I log in via console - and I found answer which is Yes.<BR /><BR />Thanks.</P> Wed, 19 Apr 2023 15:58:58 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817839#M581284 karenmelkonyanstu 2023-04-19T15:58:58Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817843#M581285 <P>Hi - Thanks for the response.<BR />There is no need for any additional command in regards to Console.<BR />When I login via Console - it already asks for TACACS's User's Credentials.</P> Wed, 19 Apr 2023 16:01:27 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817843#M581285 karenmelkonyanstu 2023-04-19T16:01:27Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817845#M581286 <P>Thanks Chris,<BR /><BR />When you say "<SPAN>you can use your auth profile in the policy set</SPAN>" , Do you refer to some TACACS Server configuraiton?<BR />I've never configured TACACS Server so I presume you refer to it.</P> Wed, 19 Apr 2023 16:02:47 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817845#M581286 karenmelkonyanstu 2023-04-19T16:02:47Z https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817870#M581290 <P>Yes, my assumption was that you were using a TACACS server.&nbsp; If you aren't, just make sure your default group is local instead of TACACS-GROUP.&nbsp;&nbsp;</P> Wed, 19 Apr 2023 16:42:58 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-exec-default/m-p/4817870#M581290 Christopher Bell 2023-04-19T16:42:58Z