You have to login to the root view before you enable your aaa authentication
lists.  Once you have done so you can put the view names in.

 

Instead of worrying about this myself I always just connect from another
device using the method lists and in ACS I assign the root view using the
attribute cli-view-name=root for a username and password.

 

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

Mailto: [email protected]

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit: www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com
<http://www.ipexpert.com/> 

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Kingsley
Charles
Sent: Wednesday, January 05, 2011 5:30 PM
To: [email protected]
Subject: [OSL | CCIE_Security] Enable root method list

 

Hi all 

I have the following configured. When I try to enter into the root view
using the "enable view" command, the IOS uses the "aaa authentication login
king group tacacs+" method list and sends the request the ACS server instead
of using the local enable password. I had to create an user account on ACS
with username/password of root/cisco for it. 

I am wondering why is it using "login" method list. It should use the "aaa
authentication enable" method list, isn't it?

aaa new-model
aaa authentication login king group tacacs+
aaa authorization exec king group tacacs+

enable password cisco

line vty 0 4
 authorization exec king
 login authentication king


With regards
Kings

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to