Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA Authentication on PIX

I want to setup AAA Authentication on PIX using Tacacs+ server.

I am using CiscoSecure ACS for Windows 2000.

Can anyone point me in the right direction on how to set this up.

I also need to setup different user levels. Like one group has full access and other group has ReadOnly. I have it working on my Routers, now I need to set it on my PIX.

Thanks for any and all the help.


Cisco Employee

Re: AAA Authentication on PIX

Here is the starting link for that

Many sample config using PIX and tacacs can be found at

New Member

Re: AAA Authentication on PIX

Thanks for the link, it helped alot....

now I am able to authentication but not authorization, my "ReadOnly" users are able to get into config mode, and make changes....

I need them to be only execute SHOW command and gew other commands, how would I do that....

here is my current PIX config....

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ (inside) host 10.XXX.YYY.ZZ bigkey timeout 10

aaa-server RADIUS protocol radius

aaa authentication enable console TACACS+

aaa authentication http console TACACS+

aaa authentication telnet console TACACS+

-Thanks for all the help...

CreatePlease to create content