
AAA & Privilege Levels on Console Session

jkrell
Level 1

While configuring users with different privilege levels and using AAA, we've found that the privilege level when logging in via console port will always be level 1, whereas with telnet we're able to log in directly into levels 0 and 2 thru 15. Has anyone experienced this or have an explanation as to why this happens?

TIA.

2 Replies

yusuff
Cisco Employee

Console port authorization was not added as a feature until Bug ID CSCdi82030 was implemented. Console port authorization is off by default to lessen the likelihood of accidentally being locked out of the router. If a user has physical access to the router via the console, console port authorization is not extremely effective. However, for images in which Bug ID CSCdi82030 has been implemented, console port authorization can be turned on under line con 0 with the hidden command aaa authorization console in config mode.

If you turn on debug aaa authorization and log into console you will see there is no AAA kicked in.

R/Yusuf

Thank you for posting this info. I ran into a situation where I could telnet into a switch and AAA login would authenticate and put me directly to Priv Level 15 (as we desire), but connecting to the console and using AAA would not allow me to get to Priv Level 15 at all using my AAA login. Applying this command solved the problem.

Thanks!

-rb
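
An added example, not part of the thread and not Cisco tooling: a Python check that reads a saved running-config and flags the condition discussed above, where exec authorization is configured but aaa authorization console is absent, so console logins do not receive their AAA-assigned privilege level. The config text is constructed, and the function name and status strings are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the thread).
CONFIG_WITHOUT = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
line con 0
 login authentication default
line vty 0 4
 login authentication default
"""
# Same config with console authorization switched on.
CONFIG_WITH = CONFIG_WITHOUT.replace(
    "line con 0", "aaa authorization console\nline con 0", 1)


def audit_console_authorization(config):
    """Classify how console logins are treated by exec authorization.

    Lines are stripped before comparison, so the command is found whether
    it appears at the top level or indented; "no aaa authorization console"
    does not match because the whole line is compared.
    """
    lines = [line.strip() for line in config.splitlines()]
    # Named method lists used for exec (shell/privilege) authorization.
    exec_lists = [m.group(1) for line in lines
                  if (m := re.match(r"aaa authorization exec (\S+)\s", line))]
    console_on = "aaa authorization console" in lines
    if not exec_lists:
        status = "no-exec-authorization"
    elif console_on:
        status = "console-authorized"
    else:
        # The case from the thread: telnet users get their AAA privilege
        # level, console users do not.
        status = "console-skips-authorization"
    return {"exec_lists": exec_lists,
            "console_authorization": console_on,
            "status": status}


if __name__ == "__main__":
    for name, cfg in (("without", CONFIG_WITHOUT), ("with", CONFIG_WITH)):
        print(name, audit_console_authorization(cfg))
```

Since the thread notes that console authorization is off by default to reduce the chance of a lockout, confirm that the exec method list has a fallback that still works when the AAA server is unreachable before enabling it.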
