ACS Shell Command Authorization Sets on IOS and ASA/PIX Configuration

Unanswered Question

Hi,

I need to activate a control privileges of users on various devices.

I found this interesting document:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml


and using a router with IOS 124-11.XV1 work normally while using a switch 2960-24TC with IOS 12.2.25SEE3 not working.

All users (read and full access) access on a not priviledge mode.

WHY?


I have a ACS v3.3 build 2

I have a 2960-24TC with IOS 12.2.25SEE3


I tried with a acs v4.1 without success.


Thanks.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Thu, 11/01/2007 - 07:24
User Badges:
  • Red, 2250 points or more

Not sure what do you mean by


"All users (read and full access) access on a not priviledge mode.

WHY? "


You mean user are not falling in priv mode ?



Regards,

~JG

Jagdeep Gambhir Thu, 11/01/2007 - 16:42
User Badges:
  • Red, 2250 points or more

If you want user to fall directly in enable mode,then you should have this command,


aaa authorization exec default group tacacs+ if-authenticated


Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field



Regards,

~JG

Actions

This Discussion