AAA console port Authentication

don.mcdaniel
Level 1

I am using the attached config for AAA Authentication and am being placed directly into enable mode through the Telnet session and am also able to pass privilege levels to the Telnet login. However, on the console port, it throws me into level one privilege mode instead of enable. Can someone explain to me why, and what I am missing as to how the console port and the VTY ports act differently when authenticating through RADIUS and AD? I am trying to have everyone log in using AD Authentication and throw them into enable mode with their respective privilege level.

Thanks!

1 Reply

Richard Burts
Hall of Fame

Don

The thing that puts a user directly into an assigned privilege level is aaa authorization. And Cisco specifically made authorization not enabled on the console by default. The reason for this is that if authorization is not set up correctly you can lock yourself out of the box and Cisco wants to help make sure that you still have console access if there are problems in authorization.

You can enable authorization on the console using this command:

aaa authorization console

You can use this command to have users who log in on the console put directly into a privilege level - but be sure that authorization is really set up correctly.

See this link for more details:

http://www.cisco.com/en/US/partner/docs/ios/12_2/security/command/reference/srfauth.html#wp1024046

HTH

Rick
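
An added example, not taken from the reply above or from the poster's attached config: one way to turn on console authorization while keeping a local fallback so a RADIUS outage does not lock the console. The account name, the placeholder secret and the method order are assumptions.

```cisco
! Constructed example; adjust names and method lists to your environment.
aaa new-model
!
! Local break-glass account, used only when no RADIUS server responds.
! <PLACEHOLDER-SECRET> is a placeholder, not a real value.
username localadmin privilege 15 secret <PLACEHOLDER-SECRET>
!
! Authentication: RADIUS (with AD behind it) first, local database as fallback.
aaa authentication login default group radius local
!
! Exec authorization: the privilege level comes from the RADIUS reply,
! for example the Cisco AV-pair shell:priv-lvl=15.
! "local" is tried only if the RADIUS servers do not answer at all;
! a reject from RADIUS is final and does not fall through.
aaa authorization exec default group radius local
!
! Exec authorization is skipped on the console unless this is configured.
! The "default" method lists above then apply to line con 0 as well as the VTYs.
aaa authorization console
```

Keep an already-authenticated session open while testing a fresh console login, and save the configuration only after both the RADIUS path and the local fallback have been confirmed to work.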
