AAA

brajesh.jain
Level 1

Dear sir,

I have configured AAA authentication on my Cisco 3660 router, but whenever I connect through the console it takes me to user mode and not enable mode, and I am not able to log in to enable mode although I have the privilege. Through telnet I am able to do so.

Kindly suggest.

tejas

3 Replies

4brown
Level 1

Send your AAA configuration.

What version of IOS are you using? There are some issues with EXEC authorization not working on the console port on some versions of IOS...this is why the service=shell set priv-lvl 15 is not being applied on the console port...

You still should be able to get in through enable, my guess is you have set the enable password to be pulled from the AAA server with this command:

aaa authentication enable default tacacs+

or you are typing in the wrong password set on the router.

Authorization is usually disabled on the console port by default to stop people locking themselves out of the router. There's a hidden command to enable it:

> aaa authorization console

Try that, but be careful, we did this for a reason (too many people had locked themselves out of their routers, so they have this fallback method). If someone has physical access to the console port on your router, then you have more to worry about than command authorization.
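
Added example, not part of the thread or any poster's code: a small Python audit that reads an IOS configuration and reports the two conditions discussed above, EXEC authorization not applied on the console and AAA method lists with no fallback once "aaa authorization console" is turned on. The sample configuration and the finding labels are constructed for illustration, and the fallback sets assume that a later method in a list is tried only when the TACACS+ server returns an error or is unreachable.

```python
# Added example: audits an IOS AAA config for the console issues in this thread.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default tacacs+
aaa authorization exec default group tacacs+
"""  # constructed sample config, not the poster's

# Methods that still work when the TACACS+ server cannot be reached.
AUTHZ_FALLBACK = {"local", "if-authenticated", "none"}
ENABLE_FALLBACK = {"enable", "line", "none"}

def methods(config, prefix):
    """Method list after an 'aaa ... default' command, or [] if it is absent."""
    for line in config.splitlines():
        line = line.strip()
        if line.startswith(prefix + " "):
            return [m for m in line[len(prefix):].split() if m != "group"]
    return []

def audit(config):
    """Return finding labels (names are this example's own, not IOS output)."""
    lines = {l.strip() for l in config.splitlines()}
    console_authz = "aaa authorization console" in lines
    exec_m = methods(config, "aaa authorization exec default")
    enable_m = methods(config, "aaa authentication enable default")
    findings = []
    if exec_m and not console_authz:
        # priv-lvl from the server is not applied on the console
        findings.append("console-exec-authz-off")
    if exec_m and console_authz and not AUTHZ_FALLBACK & set(exec_m):
        # console sessions depend entirely on the AAA server
        findings.append("console-lockout-risk")
    if enable_m and not ENABLE_FALLBACK & set(enable_m):
        # 'enable' fails whenever the server is unreachable
        findings.append("enable-no-fallback")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a saved copy of the running configuration before adding "aaa authorization console", so a missing fallback is caught while telnet access still works.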