PIX LOCAL authentication when accessing privilege mode

Discussion in 'Cisco' started by Maya Shani, Jun 30, 2004.

  1. Maya Shani

    Maya Shani Guest

    Hi,

    We have a PIX 515(ER) running v6.3.
    Currently we are using the local database of the PIX for
    authentication of remote telnet and SSH connections, using the
    following commands:
    aaa authentication telnet console LOCAL
    aaa authentication ssh console LOCAL

    I would like to prompt the user for both user and password
    authentication before accessing privilege mode (when using the
    "enable" command).
    According to Cisco docs, when using the "enable" option in the aaa
    authentication command (i.e. aaa authentication enable console LOCAL)
    it requests a username and password before accessing privileged mode
    for serial, Telnet, or SSH connections. However, this did not work for
    me and I was prompted only for a password when I tried to access
    privilege mode.

    Does anyone know how to accomplish this?

    Thanks,
    Maya
     
    Maya Shani, Jun 30, 2004
    #1

  2. :We have a PIX 515(ER) running v6.3.
    :Currently we are using the local database of the PIX for
    :authentication of remote telnet and SSH connections, using the
    :following commands:
    :aaa authentication telnet console LOCAL
    :aaa authentication ssh console LOCAL

    :I would like to prompt the user for both user and password
    :authentication before accessing privilege mode (when using the
    :"enable" command).
    :According to Cisco docs, when using the "enable" option in the aaa
    :authentication command (i.e. aaa authentication enable console LOCAL)
    :it requests a username and password before accessing privileged mode
    :for serial, Telnet, or SSH connections. However, this did not work for
    :me and I was prompted only for a password when I tried to access
    :privilege mode.

    It works for me on a 501 with 6.3(3).

    npix(config)# aaa authentication enable console LOCAL
    npix(config)# exit
    npix# exit

    Logoff

    Connection to 172.17.51.1 closed.
    $ ssh [email protected]
    [email protected]'s password:
    Type help or '?' for a list of available commands.
    npix>
    npix> en
    Username: roberson
    Password: ********
    npix#
     
    Walter Roberson, Jun 30, 2004
    #2
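
An added example, not part of either post or of Cisco's documentation: a small Python audit that reads a saved PIX configuration and reports which of the access methods named in this thread (serial, telnet, ssh, enable) have an `aaa authentication ... console` line, so a missing `enable` line is caught before anyone relies on per-user authentication for privileged mode. The function name, the sample configs and the `EXAMPLEHASH` value are constructed for illustration; the script also assumes the `username <name> password ...` form for LOCAL database entries, which does not appear in the thread.

```python
import re

# Access methods named in the thread for
# "aaa authentication <method> console <server_tag>".
METHODS = ("serial", "telnet", "ssh", "enable")

AAA_RE = re.compile(r"^aaa authentication (\S+) console (\S+)\s*$", re.IGNORECASE)
USER_RE = re.compile(r"^username (\S+) ", re.IGNORECASE)  # assumed LOCAL user syntax


def audit_console_auth(config_text):
    """Return (server tag per method or None, list of findings) for a PIX config."""
    tags = {m: None for m in METHODS}
    users = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AAA_RE.match(line)
        if m and m.group(1).lower() in tags:
            tags[m.group(1).lower()] = m.group(2)
            continue
        u = USER_RE.match(line)
        if u:
            users.append(u.group(1))

    findings = []
    for method, tag in tags.items():
        if tag is None:
            findings.append(f"{method}: no 'aaa authentication {method} console' line")
    # LOCAL with an empty user database cannot authenticate anyone by name.
    if any(t and t.upper() == "LOCAL" for t in tags.values()) and not users:
        findings.append("LOCAL is referenced but no 'username' entries exist")
    return tags, findings


# Constructed sample: the two commands from the question, without the enable line.
SAMPLE_BEFORE = """\
username roberson password EXAMPLEHASH encrypted privilege 15
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
"""
# Constructed sample: the same config after adding the command from the reply.
SAMPLE_AFTER = SAMPLE_BEFORE + "aaa authentication enable console LOCAL\n"

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        tags, findings = audit_console_auth(cfg)
        print(name, tags, findings)
```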