ACSE: Advanced TACACS+ Enable fault

w-pera
Level 1

Hi,

When I tried to configure enable level access per NGD, it doesn't work.

Each time I see the same error:

"TACACS+ Enable: Defining Max Privilige on a per network device group to be select".

This error is the same if you don't select a NGD. ACSE ignores my selection.

My ACSE are two with 4.0(1) Build 42

Thanks,

Waldemar Pera


ebreniz
Level 6

You have to configure shell command author on a per-NDG level for the user group. Yes. Your device is using the aaa authentication mechanism that you just configured on the device, as it's supposed to do.

You probably logged in with the local username and/or password log-on credentials that have always existed prior to aaa deployment, and then you proceeded to configure TACACS authentication. Now, the device is rightly using the directives for verifying identity (authentication) that are set out in the aaa configuration -- and your log-on credentials don't match, of course.

Typically, you should first configure your ACS server and then configure each node. When configuring each node, enter all the aaa commands and enable passwords, etc., but WAIT to enter the tacacs key for last. This way you will not lock yourself out of the device.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_pvt.html
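The ordering described in the reply above, as an added example that is not part of the original thread and not taken from either poster's configuration: a classic IOS configuration sketch that keeps a local fallback in every method list and enters the TACACS+ key as the final step. The server address (a documentation-range IP), the `localadmin` username and the bracketed secrets are placeholders assumed for illustration.

```cisco
! Added example; address, username and secrets are placeholders.
!
! 1. Make sure local credentials exist before AAA is touched, so there is
!    always a way in if the TACACS+ server cannot be used.
username localadmin privilege 15 secret <LOCAL-PASSWORD>
enable secret <ENABLE-SECRET>
!
! 2. Enter the AAA method lists. Each list names TACACS+ first and a local
!    method second; the second method is used only when the server returns
!    an error or does not answer, not when it rejects the credentials.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! 3. Point the device at the ACS server (still without a key).
tacacs-server host 192.0.2.10
!
! 4. Enter the shared key last, once the ACS side (AAA client entry, NDG,
!    group enable settings) is already in place. It must match the key
!    configured for this device on the ACS server.
tacacs-server key <SHARED-KEY>
```

Keep the existing session open and verify a TACACS+ login and `enable` from a second session before saving the configuration.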