ASA-有关AAA用户登录的问题

问题示例：
I have created a test user that is set to privilege 15 in the config:

When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv:

Attempting enable fails even though I know I have the correct enable password:

Logging in from unprivileged puts me on privilege 15 and I can do as a please:

The only thing I can track this to is a configuration change I made where I removed a VPN user we no longer needed.
Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

得到的解答：

The ASA uses a slightly different model than traditional IOS routers and this where some of the confusion sits. The second piece is whether or not aaa authentication enable console LOCAL is configured.
ASA使用的模型与传统的IOS路由器略有不同，而且这种模式存在一些混乱。第二部分是否配置了“aaa authentication enable console LOCAL”。

Scenario 1 - Enable Authentication Not Configured
Relevant ASA config

Results

If enable authentication is not configured, a user with privilege 15 must still use the enable password to enter privileged exec mode if entering privileged exec mode through enable.
Scenario 2 - Enable Authentication Not Configured but using login
Relevant ASA config

Results

If enable authentication is not configured, a user with privilege 15 can use the login command to enter privileged exec mode without knowing or using the enable password.
Scenario 3 - Enable Authentication Configured
Relevant ASA config

Results

If enable authentication is configured, a user with privilege 15 can use login or enable to gain access to privileged exec mode. If using enable, the password required will be the user password and not the enable password.

来自 <https://serverfault.com/questions/330758/why-do-i-start-at-privilege-level-1-when-logging-into-a-cisco-asa-5510>

巴特西

ASA-有关AAA用户登录的问题

最新文章

热门文章