aaa authorization and acs server

ciscoforum
Level 1

I have a problem making aaa authorization work with the ACS server for test purposes.

Here is the router config

aaa new-model
!
!
aaa group server tacacs+ cisco
 server x.x.x.x
aaa authentication login default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

ACS server

The test user is assigned to the test group. Please see the attachment to find what I have configured.

I submitted and restarted after the config.

But if I log on as the user from the console, I am still able to use all the commands. Thanks

1 Reply

gfullage
Cisco Employee

Authorization on the console is disabled by default, even with the config you have. This is done on purpose because we had a lot of customers lock themselves out of their routers when configuring authorization, and we wanted the console port to always be a last resort for them to get back in. The theory is that if someone has access to the console port on your router, you have a lot more to worry about than command authorization.

If you really, really want to enable authorization on the console port, make sure it is working fine first via the vty ports, then issue the hidden command as follows:

aaa authorization console
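
The console exemption described in the reply can be checked offline against a saved configuration. The following is an added example, not part of the original thread and not Cisco code: a small Python audit that reports whether the default command authorization list reaches vty and console sessions. The function name `audit_command_authorization` and the constant `QUESTION_CONFIG` are hypothetical, and the check assumes only the `default` method list is in use.

```python
import re

# Constructed sample input: the router config from the question, with the
# server address left elided exactly as it appears in the post.
QUESTION_CONFIG = """\
aaa new-model
!
aaa group server tacacs+ cisco
 server x.x.x.x
aaa authentication login default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) default (.+)$")


def audit_command_authorization(config):
    """Return where default-list command authorization is enforced.

    Assumption: only the 'default' method list is considered; named lists
    applied under individual lines are outside this check.
    """
    levels = {}              # privilege level -> ordered method list
    console_opt_in = False   # tracks 'aaa authorization console'
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        match = CMD_AUTHZ.match(line)
        if match:
            levels[int(match.group(1))] = match.group(2).split()
        elif line == "aaa authorization console":
            console_opt_in = True
        elif line == "no aaa authorization console":
            console_opt_in = False
    findings = []
    if not levels:
        findings.append("no default command authorization list configured")
    elif not console_opt_in:
        findings.append("console sessions bypass command authorization "
                        "(aaa authorization console is absent)")
    return {
        "levels": levels,
        "vty_enforced": bool(levels),
        "console_enforced": bool(levels) and console_opt_in,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, cfg in (("as posted", QUESTION_CONFIG),
                       ("with console opt-in",
                        QUESTION_CONFIG + "aaa authorization console\n")):
        print(label, audit_command_authorization(cfg))
```

Run against the configuration as posted, the audit reports the console as unenforced, which matches the behaviour seen in the question.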