04-18-2023 06:34 AM
Hello,
Is my understanding correct that the second command means that every time I log in to the device via SSH, it will immediately place me into Privilege\Enable mode without asking for the Enable password?
Would it be the same if I log in via Console?
1) aaa authentication login default group TACACS-GROUP local
2) aaa authorization exec default group TACACS-GROUP if-authenticated
04-18-2023 06:44 AM
I think NO.
You need aaa authentication enable default group .....LOCAL
The
aaa authorization exec default group TACACS-GROUP if-authenticated <<- allows you to enter the enable command,
then the SW/R asks for a password, which you need to configure locally or via AAA.
04-19-2023 08:58 AM
Thanks everyone for your time, guys.
Thanks MHM - my second question was whether the switch\router will require me to enter TACACS credentials if I log in via console - and I found the answer, which is Yes.
Thanks.
04-18-2023 06:57 AM
"Is my understanding correct that the second command means that every time I log in to the device via SSH, it will immediately place me into Privilege\Enable mode without asking for the Enable password?" See below.
https://community.cisco.com/t5/network-access-control/if-authenticated/td-p/1248124
"Would it be the same if I log in via Console?"
Provided you configured console line login authentication default.
04-19-2023 09:01 AM
Hi - Thanks for the response.
There is no need for any additional command with regard to Console.
When I log in via Console, it already asks for the TACACS user's credentials.
04-18-2023 07:15 AM
Correct. If you are using a TACACS server, you can use your auth profile in the policy set to either restrict commands or grant priv 15.
04-19-2023 09:02 AM
Thanks Chris,
When you say "you can use your auth profile in the policy set", do you refer to some TACACS Server configuration?
I've never configured a TACACS Server, so I presume you refer to it.
04-19-2023 09:42 AM
Yes, my assumption was that you were using a TACACS server. If you aren't, just make sure your default group is local instead of TACACS-GROUP.
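As an added example, not part of any post in this thread: a small Python check that reads the AAA lines discussed above and reports what the default method lists leave to device defaults (enable authentication, exec authorization on the console, and the if-authenticated fallback). The two sample configurations are constructed, and the note labels are hypothetical names chosen for this example.

```python
import re

# Constructed sample: the two AAA lines from the question, nothing else.
SAMPLE = """\
aaa new-model
aaa authentication login default group TACACS-GROUP local
aaa authorization exec default group TACACS-GROUP if-authenticated
"""

# Constructed variant that also sets enable authentication and console authorization.
FULL = SAMPLE + """\
aaa authentication enable default group TACACS-GROUP enable
aaa authorization console
"""

AAA_LINE = re.compile(
    r"^aaa (authentication|authorization) (login|enable|exec) (\S+) (.+)$")

def parse_aaa(config):
    """Return ({(kind, service, list_name): [methods]}, console_authz_enabled)."""
    lists, console_authz = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "aaa authorization console":
            console_authz = True
        elif (m := AAA_LINE.match(line)):
            lists[m.group(1, 2, 3)] = m.group(4).split()
    return lists, console_authz

def audit(config):
    """List what the default method lists leave to device defaults."""
    lists, console_authz = parse_aaa(config)
    notes = []
    if ("authentication", "enable", "default") not in lists:
        # Without this list the enable prompt checks the locally configured enable secret/password.
        notes.append("enable-uses-local-enable-secret")
    exec_list = lists.get(("authorization", "exec", "default"))
    if exec_list and not console_authz:
        # IOS does not apply exec authorization on the console unless "aaa authorization console" is set.
        notes.append("console-skips-exec-authorization")
    if exec_list and "if-authenticated" in exec_list[1:]:
        # Fallback: if the earlier methods return an error, any authenticated user gets a shell.
        notes.append("exec-fallback-if-authenticated")
    return notes

if __name__ == "__main__":
    for name, cfg in (("SAMPLE", SAMPLE), ("FULL", FULL)):
        print(name, audit(cfg))
```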