Nigel,
Your first question I think is very key to my situation. I wanted
local administrators to have minimal control via telnet and console.
I was able to tailor these commands on the vty ports. I tried to apply
the same commands to console and it did not work. I was informed that
there was a hidden command,aaa authorization console, only in implemanted
certian IOS images. Answering your first question, I think they should not
have access to the console. The reason why I pose this question is for
general knowledge. Is the aaa authorization console command what I'm
missing.
-----Original Message-----
From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: Re: AAA in console [7:54282]
Ryan,
I noted your earlier post on this topic and my first question
is.."What's the problem you're trying to solve? Configuring AAA on the
console should be very straight forward, however this could very easily
change based on your identified or outlined requirements. A couple of
question;
1. who will be typically accesing the console?
2. What will be authenticating the user? TACACS+/RADIUS/the Router etc..
3. Do you plan on using the local database should tacacs fail?
4. Will you have redundant/secondary tacacs/radius device?
I've seen some enterprises where they prefered not to have any passwords
configured on the local device short of the "enable secret", which should
survive a password checker like "Getpass". Of course the console password
was left outside the scope of AAA, as it provided the only way to access the
device if the tacacs/radius server(s) were unreachable.
HTH
Nigel
----- Original Message -----
From: "Newell Ryan D SrA 18 CS/SCBT"
To:
Sent: Thursday, September 26, 2002 5:53 PM
Subject: AAA in console [7:54282]
> How can I configure authorization on the console port?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54292&t=54282
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
