I know this is going to sound dumb, but I have some questions related to my first-ever TACACS+ install. I have tons of R/S experience in almost everything...except AAA. (grin)
1) How can I disconnect a user after their usage quota expires? I have ACS set up to track usage and restrict to an absolute time. It tracks total number of accesses to the NAS but never seems to keep the time.
2) Can I authorize certain commands to be available in user mode that would normally only be accessible via enable mode? Or do I have to specifically allow enable mode and then permit/deny CLI commands?
3) When users authenticate to the NAS and then jump off to other devices via reverse telnet, they are challenged for the same TACACS username/pw again. Why?
Thanks all, I really appreciate it. It's driving me nuts and CCO is quite confusing on the subject of AAA to me.