ACSE: Advanced TACACS+ Enable fault

Unanswered Question
Mar 13th, 2008


When I tried to configure enable-level access per NDG, it doesn't work.

Each time I see the same error:

"TACACS+ Enable: Defining Max Privilige on a per network device group to be select".

This error is the same if you don't select an NDG. ACSE ignores my selection.

I have two ACSEs, with 4.0(1) Build 42.


Waldemar Pera

ebreniz Wed, 03/19/2008 - 07:28

You have to configure shell command authorization at the per-NDG level for the user group. Yes. Your device is using the aaa authentication mechanism that you just configured on the device, as it's supposed to do.

You probably logged in with the local username and/or password log-on credentials that have always existed prior to aaa deployment, and then you proceeded to configure TACACS authentication. Now, the device is rightly using the directives for verifying identity (authentication) that are set out in the aaa configuration -- and your log-on credentials don't match, of course.

Typically, you should first configure your ACS server and then configure each node. When configuring each node, enter all the aaa commands and enable passwords, etc., but WAIT to enter the tacacs key until last. This way you will not lock yourself out of the device.
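
Added example, not part of the original thread and not Cisco tooling: a small pre-change check for the ordering advice in the reply above. It reads an ordered IOS change script and flags TACACS+ method lists with no local method behind them, a missing enable secret, and a shared key entered before the aaa/enable commands. The function name and both sample scripts are constructed, and the legacy `tacacs-server` command syntax is assumed.

```python
import re

# Methods that need no TACACS+ server. "none" is deliberately not counted.
LOCAL_METHODS = {"enable", "local", "local-case", "line"}

def lockout_risks(script: str) -> list[str]:
    """Review an ordered IOS change script for ways to lose access mid-change."""
    cmds = [c.strip() for c in script.splitlines() if c.strip()]
    findings = []
    has_enable = any(re.match(r"enable (secret|password)\b", c) for c in cmds)
    has_user = any(c.startswith("username ") for c in cmds)
    for c in cmds:
        m = re.match(r"aaa authentication (login|enable) (\S+) (.+)", c)
        if not m or "tacacs+" not in m.group(3).split():
            continue
        methods = m.group(3).split()
        # IOS only moves to the next method when the previous one returns an error.
        local = [x for x in methods[methods.index("tacacs+") + 1:] if x in LOCAL_METHODS]
        label = f"{m.group(1)} list '{m.group(2)}'"
        if not local:
            findings.append(f"{label}: no local method after tacacs+")
        if "enable" in local and not has_enable:
            findings.append(f"{label}: falls back to enable, but no enable secret is set")
        if {"local", "local-case"} & set(local) and not has_user:
            findings.append(f"{label}: falls back to local, but no username is defined")
    # The reply's ordering advice: the shared key is the last thing entered.
    key_at = [i for i, c in enumerate(cmds) if c.startswith("tacacs-server key")]
    prep_at = [i for i, c in enumerate(cmds) if c.startswith(("aaa ", "enable "))]
    if key_at and prep_at and min(key_at) < max(prep_at):
        findings.append("tacacs-server key is entered before the aaa/enable commands are complete")
    return findings

# Constructed change scripts; 192.0.2.10 is a documentation address.
RISKY = """
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-KEY
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+ enable
"""
SAFE = """
enable secret EXAMPLE-ENABLE-SECRET
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-KEY
"""
```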

