06-07-2006 10:02 AM
Using ACS 3.3 and I'm a newbie. The question I have is: is it possible to authenticate a user, who connects via telnet and/or SSH, directly to enable mode (priv 15) using ACS? The way we currently have it set up is a user logs in and then types in enable and their password to get to enable mode. I would just like to eliminate the extra step if I could.
06-07-2006 11:45 AM
I have seen this done with ACS and TACACS. Not sure if RADIUS does the same. On the router, configure aaa for authentication and for authorization (authentication verifies who they are and authorization allows them directly into privilege mode). In ACS, be sure that you have given the proper permissions to include privilege access.
You should find that this works on the vty ports but not on the console. By default Cisco does do authorization on the console. Once you have it working properly, if you want it to work on the console, you would need to add aaa authorization console to the config.
HTH
Rick
06-08-2006 12:20 PM
I would like to see detailed syntax on the aaa commands for this. Sounds great.
06-09-2006 05:26 AM
Do you have an example, because I'm stuck. Here's what I currently have:
aaa authentication login default group tacacs+ line
aaa authentication login CONSOLE group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default stop-only group tacacs+
and under my line setups I have:
line con 0
password
login authentication CONSOLE
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password
transport input telnet ssh
line vty 5 15
password
transport input telnet ssh
!
07-10-2006 02:15 PM
Is this working?
Be sure to select privilege 15 in ACS server for the user.
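An added example, not written by any poster in this thread: the router side of what the replies describe, layered on the configuration posted above. It assumes the ACS user or group returns priv-lvl=15 for the shell (exec) service; the if-authenticated fallback and the explicit per-line statements are illustrative choices.

```cisco
! Added example (not from the thread). Builds on the posted configuration.
! Login authentication stays as posted: TACACS+ first, line password as fallback.
aaa new-model
aaa authentication login default group tacacs+ line
!
! The piece absent from the posted config: exec (shell) authorization.
! At login the router asks the TACACS+ server whether the user may start a
! shell and applies the returned priv-lvl attribute, so a user whose profile
! returns priv-lvl=15 lands directly at the # prompt.
! "if-authenticated" (assumed fallback) still grants a shell when the server
! is unreachable, but no priv-lvl is returned in that case, so the session
! starts at the line's default privilege level and "enable" is needed as before.
aaa authorization exec default group tacacs+ if-authenticated
!
! Exec authorization is not applied to the console unless this is set.
! Add it only after the vty behaviour is confirmed, with a working session
! kept open, since a mistake here can lock out the console.
aaa authorization console
!
! vty lines use the "default" method lists implicitly; stated here for clarity.
line vty 0 4
 login authentication default
 authorization exec default
 transport input telnet ssh
line vty 5 15
 login authentication default
 authorization exec default
 transport input telnet ssh
```

After logging in on a vty, `show privilege` should report level 15. Because users now start at level 15, the level-15 command authorization and accounting statements already in the posted configuration are what constrain and record their actions.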