ACS Shell Command Authorization Sets on IOS and ASA/PIX Configuration

Unanswered Question

Hi,

I need to activate a control privileges of users on various devices.

I found this interesting document:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

and using a router with IOS 124-11.XV1 work normally while using a switch 2960-24TC with IOS 12.2.25SEE3 not working.

All users (read and full access) access on a not priviledge mode.

WHY?

I have a ACS v3.3 build 2

I have a 2960-24TC with IOS 12.2.25SEE3

I tried with a acs v4.1 without success.

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Thu, 11/01/2007 - 07:24

Not sure what do you mean by

"All users (read and full access) access on a not priviledge mode.

WHY? "

You mean user are not falling in priv mode ?

Regards,

~JG

Jagdeep Gambhir Thu, 11/01/2007 - 16:42

If you want user to fall directly in enable mode,then you should have this command,

aaa authorization exec default group tacacs+ if-authenticated

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field

Regards,

~JG

Actions

This Discussion