12-15-2008 12:02 AM - edited 03-10-2019 04:14 PM
Hi.
I havce configured routers fo ACS Login with 2 users with different Privilage level. When I log in through telnet it works fine with different privilage level, but when i log in through console the authorisation does not take place properly and i get all privilages for users with lesser privilages also.
All my authorisation is also done in ACS.
12-15-2008 06:15 AM
Yes in can work with console access, I have it working.
Hope that helps.
12-15-2008 02:49 PM
Rajesh
There is a reason that it is not working for you and a way to get it to work. It is not working for you because by default authorization does not process on the console connection. Cisco does this as a safety mechanism, because if you configure authorization and get it wrong you can lock yourself out of the router. If authorization does not process on the console then you have a way to recover without needing to blow away the config and recreate it.
If you want authorization to process on the console and you are willing to live with the risk then you can enable authorization on the console using this command:
aaa authorization console
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide