
Direct enable mode access with the help of ACS

jain.nitin
Level 3

Dear All, I am trying to set up a group which has priv 15 access, and they should see enable mode after authentication via ACS; they should not be asked for the enable password. How can I do this? I am unable to do so. I tried it but it's not working. What I need is for ACS to assign priv level 15 to configured users. I don't want to use Shell commands set.

I need the same thing for the ASA firewall as well.

Is there any way to achieve this?


Jagdeep Gambhir
Level 10

For IOS devices,

Router(config)# username [username] password [password]

tacacs-server host [ip]

tacacs-server key [key]

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

On ACS

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field

This feature is not supported on ASA/firewalls.

Regards,

~JG

Do rate helpful posts

I tried this but it didn't work for me. See my config below on the devices:

aaa new-model

aaa group server tacacs+ bwaaa

server 10.2.6.1

server 10.2.6.2

ip tacacs source-interface Vlan1111

!

aaa authentication login aaa-list group bwaaa local

aaa authentication enable default group bwaaa enable

aaa authorization exec aaa-list group bwaaa local

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

First try with a simple vanilla config:

tacacs-server key [key]

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

If the issue is still there, get the debugs then:

debug aaa authentication

debug aaa authorization

debug tacacs

Regards,

~JG

Hi, thanks, it worked with the default list but it is not working with my defined list. I don't know what the reason behind that is. Do you have any idea?
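Added example (not written by any poster in this thread): in IOS, a method list named "default" applies to every line automatically, while a named list such as "aaa-list" takes effect only on lines that reference it with "login authentication" or "authorization exec". The script below audits a config for named login/exec lists that no line references; the sample config, including its vty section, is constructed for illustration.

```python
import re

# Constructed sample: the named lists from the thread plus a hypothetical
# vty section that references only the login list.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login aaa-list group bwaaa local
aaa authorization exec aaa-list group bwaaa local
line con 0
line vty 0 4
 login authentication aaa-list
"""

DEFINE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) ")
APPLY = re.compile(r"^\s+(login authentication|authorization exec) (\S+)")


def audit_method_lists(config):
    """Return (unapplied, undefined) for login/exec method lists.

    unapplied: named lists defined globally but referenced by no line.
    undefined: (line, kind, name) references to lists never defined.
    """
    defined, applied, current_line = set(), set(), None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current_line = raw.strip()          # entering a line section
        elif raw and not raw[0].isspace():
            current_line = None                 # back at global level
        m = DEFINE.match(raw)
        if m:
            kind = "login" if "login" in m.group(1) else "exec"
            defined.add((kind, m.group(2)))
            continue
        m = APPLY.match(raw)
        if m and current_line:
            kind = "login" if "login" in m.group(1) else "exec"
            applied.add((current_line, kind, m.group(2)))
    used = {(k, n) for _, k, n in applied}
    unapplied = sorted(d for d in defined if d[1] != "default" and d not in used)
    undefined = sorted(a for a in applied
                       if a[2] != "default" and (a[1], a[2]) not in defined)
    return unapplied, undefined


if __name__ == "__main__":
    print(audit_method_lists(SAMPLE_CONFIG))
```

A named exec authorization list reported as unapplied means the lines fall back to the default exec list, or to no exec authorization at all if none is defined, so the privilege level configured on ACS is never requested for those sessions.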
