cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19965
Views
0
Helpful
3
Replies

AAA if-authenticated

Dear community,

I try to get my head around the "if-authenticated" keyword at the end of the "aaa authorization exec" command.

 

My test config looks like this, and it does as expected:

username USER privilege 15 secret MYSECRET
aaa new-model
aaa authentication login default local

aaa authorization exec default local if-authenticated

OR

aaa authorization exec default local 

When loggin in with SSH, I get direcly in enable mode, as it should be.

However when using the following authorisation command, I enter in user exec mode instead of enable/privileged exec mode and need to provide the enable password:

aaa authorization exec default if-authenticated

I was expecting to end up in enable mode as well, since I should be authenticated? (hence I was able to log in).

 

Can someone clarify this?

 

 

3 Replies 3

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

Please see the below thread for details:

https://supportforums.cisco.com/discussion/10781396/if-authenticated

Regards,

Kanwal

Note: Please mark answers if they are helpful.