ACS Shell Command Authorization Sets on IOS and ASA/PIX Configuration

severi
Level 1

Hi,

I need to activate control of user privileges on various devices.

I found this interesting document:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

and with a router running IOS 124-11.XV1 it works normally, while with a 2960-24TC switch running IOS 12.2.25SEE3 it does not work.

All users (read and full access) access on a not privileged mode.

WHY?

I have an ACS v3.3 build 2

I have a 2960-24TC with IOS 12.2.25SEE3

I tried with an ACS v4.1 without success.

Thanks.


Jagdeep Gambhir
Level 10

Not sure what you mean by

"All users (read and full access) access on a not privileged mode.

WHY? "

You mean users are not falling into priv mode?

Regards,

~JG

Yes, it's correct.

Users are authenticated by the ACS but did not go to privileged mode.

This happens only on the switch while the router is correct.

If you want users to fall directly into enable mode, then you should have this command:

aaa authorization exec default group tacacs+ if-authenticated

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field

Regards,

~JG
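A way to check a saved running-config for the line given in the reply above, as an added example that is not part of the thread or of Cisco's documentation. It assumes the vty lines use the default method lists and the built-in `tacacs+` server group; the sample configs, the function name `audit_aaa` and the finding codes are constructed for illustration.

```python
import re

# Constructed sample config: TACACS+ authentication only (not from the thread).
SAMPLE_BROKEN = """\
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.10
line vty 0 4
 login authentication default
"""

# Same config with the exec authorization line from the reply, plus
# level-15 command authorization (an addition here, not from the thread).
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    "tacacs-server host",
    "aaa authorization exec default group tacacs+ if-authenticated\n"
    "aaa authorization commands 15 default group tacacs+ local\n"
    "tacacs-server host",
)


def audit_aaa(config: str) -> list[str]:
    """Return finding codes for an IOS running-config supplied as text."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("NO_AAA_NEW_MODEL")

    # Default method lists keyed by type: 'exec' or 'commands <level>'.
    methods = {}
    for line in lines:
        m = re.match(r"aaa authorization (exec|commands \d+) default (.+)$", line)
        if m:
            methods[m.group(1)] = m.group(2).split()

    # Without exec authorization via TACACS+, the device never asks the server
    # for shell attributes, so priv-lvl=15 is ignored and users stay in user EXEC.
    if "tacacs+" not in methods.get("exec", []):
        findings.append("NO_EXEC_AUTHORIZATION")
    # With users landing at level 15, command authorization sets are enforced
    # only if the device sends level-15 commands to the server for authorization.
    elif "tacacs+" not in methods.get("commands 15", []):
        findings.append("LEVEL15_WITHOUT_COMMAND_AUTHORIZATION")
    return findings


if __name__ == "__main__":
    for name, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, audit_aaa(cfg) or "ok")
```

The second finding matters when every user is brought in at level 15: the read-only versus full-access split then rests entirely on command authorization being sent to the server.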
