How can I use effectively the "ENABLE OPTIONS"

Unanswered Question
Aug 19th, 2009
User Badges:


I am setting up cisco ACS appliance 113 Server (4.0).



Group 1 : admincentral

Group 2 : limited admin

Group 3 : education

Network device groups NDGs Defined







aaa authentication login CONSOLE group tacacs+ local-case enable

aaa authentication login VTY group tacacs+ local-case enable

aaa authentication login TACACS group tacacs+ enable

aaa authentication enable default enable

aaa authorization exec default group

tacacs+ group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

tacacs-server host a.b.c.d key xxx

tacacs-server directed-request



Whenver I login to the device, it directly takes me into the privilige

level e.g. level 15 for superuser for example instead of asking for

enable password.



How can I use effectively the "ENABLE OPTIONS", it has three options

1)No enable privileges

2) Max privilege level for any AAA client

3)Define MAX Privilege on a per NDG basis

But pitty is I am not able to use it effectively, can you help me ???

Currently what I do is , I goto "TACACS+ SETTINGS" section and then CHECK the Shell(exec) and Privilege leve check box with number lets say 15 or 10 or 4.

Believe me nothing works unless I check the PRIVILEGE LEVEL CHECK BOX

and fill the number, whatever level I set there, it becomes applicable

for all the users for all the devices and that is very strange can you

help me ?

Thanks and regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Tue, 08/25/2009 - 13:38
User Badges:
  • Silver, 250 points or more

Perform this procedure to configure group-level TACACS+ enabling parameters. The three possible TACACS+ enable options are:

• No Enable Privilege-(default) Disallows enable privileges for this user group.

• Max Privilege for Any AAA Client-Selects the maximum privilege level for this user group for any AAA client on which this group is authorized.

• Define max Privilege on a per-network device group basis-Defines maximum privilege levels for an NDG. To use this option, you create a list of device groups and corresponding maximum privilege levels. See your AAA client documentation for information about privilege levels.


This Discussion