https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72719#M759 <HTML><HEAD></HEAD><BODY><P>Yes, that was the solution. </P><P> I notice that once the hidden command is entered and the config saved to startup, it survives a reboot, however, there is no way to tell that it is there other than logging into the console and seeing the result. </P></BODY></HTML> Fri, 08 Nov 2002 13:42:40 GMT gcyeaw 2002-11-08T13:42:40Z https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72716#M745 <P> I have a user configured in the TACACS server to receive privalege level 15. When that user telnets to a router he gets level 15, but when he connects via the console he only gets level 1. A debug trace shows only the authentication, there is no authorization exchange for the console connection. Is there a parameter I am missing?</P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ local</P><P>aaa authentication ppp if-needed group tacacs+ local</P><P>aaa authorization exec default group tacacs+ none</P><P></P> Fri, 21 Feb 2020 18:05:02 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72716#M745 gcyeaw 2020-02-21T18:05:02Z https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72717#M750 <HTML><HEAD></HEAD><BODY><P>What version of IOS are you using? There are some issues with this in older versions of IOS. </P><P></P><P>If your IOS supports it, try using the:</P><P></P><P>aaa authorization console </P><P></P><P>command.</P><P></P><P>If not, assign a list to the console and see if this works such as:</P><P></P><P>aaa authorization exec CONSOLE default group tacacs+</P><P></P><P>line con 0</P><P>author exec CONSOLE</P><P></P><P>Let us know if this works.</P><P></P><P></P><P></P></BODY></HTML> Thu, 07 Nov 2002 15:04:29 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72717#M750 4brown 2002-11-07T15:04:29Z https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72718#M755 <HTML><HEAD></HEAD><BODY><P>As per the following Samle Configuration:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/480/8.shtml" target="_blank">http://www.cisco.com/warp/public/480/8.shtml</A></P><P></P><P>Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console.</P><P></P><P>Hope this helps,</P><P></P><P>-Nairi</P></BODY></HTML> Thu, 07 Nov 2002 23:48:26 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72718#M755 Nairi Adamian 2002-11-07T23:48:26Z https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72719#M759 <HTML><HEAD></HEAD><BODY><P>Yes, that was the solution. </P><P> I notice that once the hidden command is entered and the config saved to startup, it survives a reboot, however, there is no way to tell that it is there other than logging into the console and seeing the result. </P></BODY></HTML> Fri, 08 Nov 2002 13:42:40 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72719#M759 gcyeaw 2002-11-08T13:42:40Z https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72720#M761 <HTML><HEAD></HEAD><BODY><P>I had tried the list already along with a host of other variations. I am running 12.2-7a. 'aaa authorization console' solved the problem. Thanks!</P></BODY></HTML> Fri, 08 Nov 2002 13:45:29 GMT https://community.cisco.com/t5/network-access-control/aaa-authorization-for-console-connection/m-p/72720#M761 gcyeaw 2002-11-08T13:45:29Z