Dear community,
I try to get my head around the "if-authenticated" keyword at the end of the "aaa authorization exec" command.
My test config looks like this, and it does as expected:
username USER privilege 15 secret MYSECRET
aaa new-model
aaa authentication login default local
aaa authorization exec default local if-authenticated
OR
aaa authorization exec default local
When loggin in with SSH, I get direcly in enable mode, as it should be.
However when using the following authorisation command, I enter in user exec mode instead of enable/privileged exec mode and need to provide the enable password:
aaa authorization exec default if-authenticated
I was expecting to end up in enable mode as well, since I should be authenticated? (hence I was able to log in).
Can someone clarify this?