Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6253
Views
10
Helpful
6
Replies

aaa authorization exec authentication-server VS auto-enable

johnlloyd_13
Level 9
Level 9

‎05-07-2020 06:14 PM - edited ‎05-07-2020 07:08 PM

hi,

was trying to google search but can't seem to find the answer.

just wondering what's the difference between aaa authorization exec authentication-server vs aaa authorization exec authentication-server auto-enable?

i know the latter since we're using them which automatically brings you to the ASA privilege exec mode # but how about the former?

 

ciscoasa(config)# aaa authorization exec authentication-server ?

configure mode commands/options:
auto-enable Allow authenticated users with sufficient privileges to
automatically enter privileged EXEC mode on login
<cr>

 

0 Helpful
6 Replies 6

Francesco Molino
VIP Alumni
VIP Alumni

‎05-07-2020 06:38 PM

Hi

It will bring you to user exec mode and you'll need to type enable in order to access privileged exec mode.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

johnlloyd_13
Level 9
Level 9
In response to Francesco Molino

‎05-07-2020 06:56 PM

hi,

so it's the same as not having this line configured at all?

we currently don't have this line configured and i have to type my TACACS login twice just to get to privilege mode.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎05-09-2020 04:42 PM

What do you mean by typing twice your login? Normally you type in once and then when you go to enable mode it prompts you for an enable password

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

johnlloyd_13
Level 9
Level 9
In response to Francesco Molino

‎05-09-2020 06:03 PM

hi,

if you don't have 'auto-enable', you'll need to type your TACACS login twice: first when you login/SSH to the ASA, then second when the ASA asked for enable password.

you don't type the 'local' enable PW when you're doing AAA/TACACS.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎05-09-2020 06:37 PM

Yes but it asks for password only when typing enable not the login name.
Putting this command will allow tacacs to validate the privilege of the user and push it when entering enable command

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Terence.Jh
Spotlight
Spotlight

‎05-08-2020 12:23 AM

Francesco is right
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card