SCP

Craig Balfour
Level 1

Greetings,

I'm trying to get Secure Copy (SCP) working to a Cisco switch configured to authenticate access via TACACS+ off Cisco ACS.

I've read the SCP documentation (http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18.html) and enabled SSH and SCP as described. I can SSH into the switch without a problem.

However, when I try and use scp from a unix workstation to copy startup-config (scp craig@192.168.100.20:nvram/startup-config startup-config) I get the error "Privilege denied."

I assume that this is because the user "craig" (configured in Cisco ACS) needs to "enable" to get to privilege 15 in order to access the file "nvram:startup-config".

The examples in the SCP configuration document use a local privilege 15 user (username superuser privilege 2 password 0 superpassword) which does not need to "enable".

How do you achieve this using Cisco ACS? I can't find anywhere in Cisco ACS to configure a user to have privilege 15 by default. Am I missing something?

Any help would be greatly appreciated.

Craig

1 Reply

Craig Balfour
Level 1

About 10 minutes after posting this problem I figured out the solution myself.

In Cisco ACS | Group Setup | Edit Settings | TACACS Settings check Privilege level and set it to 15.

This only works if the following AAA configuration line is also present on the Catalyst device:

aaa authorization exec default group tacacs+
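
An added example, not part of the original posts: a small Python check that a saved running-config carries the device-side pieces this thread depends on, namely the SCP server and an exec authorization list that queries TACACS+. The sample config is constructed, the function name is hypothetical, and the single-method note is an extra caveat the thread does not discuss.

```python
import re

# Constructed running-config excerpt for illustration (not from the original post).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+
ip scp server enable
line vty 0 4
 transport input ssh
"""


def audit_scp_aaa(config):
    """Return findings about the AAA/SCP lines needed for TACACS+-assigned privilege."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    for required in ("aaa new-model", "ip scp server enable"):
        if required not in lines:
            findings.append(f"missing: {required}")

    # Map each exec authorization method list to its ordered methods.
    exec_lists = {}
    for ln in lines:
        m = re.match(r"aaa authorization exec (\S+) (.+)$", ln)
        if m:
            exec_lists[m.group(1)] = m.group(2).split()

    # Lines may name their own list ("authorization exec <name>").
    # Simplification: if no line names one, only "default" is checked.
    named = {m.group(1) for ln in lines
             if (m := re.match(r"authorization exec (\S+)$", ln))}
    for name in sorted(named or {"default"}):
        methods = exec_lists.get(name)
        if methods is None:
            # Without exec authorization the privilege level set in ACS is never applied.
            findings.append(f"missing: aaa authorization exec {name}")
        elif "tacacs+" not in methods:
            findings.append(f"list {name}: no 'group tacacs+' method")
        elif methods[-1] == "tacacs+":
            # Works for SCP, but exec authorization fails if the server is unreachable.
            findings.append(f"list {name}: tacacs+ is the only method (no fallback)")
    return findings


if __name__ == "__main__":
    for finding in audit_scp_aaa(SAMPLE_CONFIG):
        print(finding)
```

Named TACACS+ server groups (`group <name>`) are not resolved by this check and would be reported as lacking `group tacacs+`.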
