Hi, I tried searching this forum, and did not find information specific to my situation, but I apologize if this has previously been addressed.
What I am looking to do:
Local user configured on switch (Admin) should be placed into Exec mode upon initial login, and then have to type "Enable" and put in Enable password to get into Enable mode.
I have a Secure ACS server, integrated into Win2k3 Active Directory database. This works fine for authenticating users via their Domain Account.
I will create 2 AD groups, one for unrestricted access to the devices, and one for restricted access for certain users, and set the privilege levels per group in the ACS server. I'm not too worried about this.
My question is, how do I set it so that the local user authentication goes into Exec mode (not to Enable mode), yet users in the Unrestricted AD/ACS group go directly into Enable mode, and users in the Restricted group go into Exec mode?
One more note, I am looking to implement this on 20+ switches, each have different passwords assigned.
aaa authentication login default group tacacs+ local
username admin password 7 xxxxxxx
Thanks in advance for your help. If you need any more information, please let me know!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :