I am using the attached config for AAA Authentication and am being placed directly into enable mode through the Telnet session and also am being able to pass privilege levels to telnet login. However, on the console port, it throws me into level one privilege mode instead of enable. Can someone explain to me why, and what I am missing as to how the console port and the VTY ports act differently when authenticating through radius and AD? I am trying to be able to have everyone login using AD Authentication and throw thenm into enable mode with their repective privilege level.
The thing that puts a user directly into an assigned privilege level is aaa authorization. And Cisco specifically made authorization not enabled on the console by default. The reason for this is that if authorization is not set up correctly you can lock yourself out of the box and Cisco wants to help make sure that you still have console access if there are problems in authorization.
You can enable authorization on the console using this command:
aaa authorization console
You can use this command to have users who login on the console put directly into a privilege level - but be sure that authorization is really set up correctly.
Where can I find out how to integrate my Cisco products with Threat Response?
There are quick start guides and instructional videos to help you get set up with your Cisco products and the Cisco Threat Response platform.
Inviting all Security & Networking professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network and security management tools.
Click here to take the 5-minute s...
This guide is intended to show some nifty and powerful use cases that a lot of customers either want or don’t know they want. There are tons of other content out there for specific knobs or capabilities, but this is looking to be a more complete...
Since ASDM 7.12(2) I am no longer able to run ASDM on CentOS 7 using javaws. It appears to launch and dies. However, I am now running ASDM directly in java and it works fine.First attempt "javaws https://<ip of firewall>/admin/public/asd...