Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS Shell Command Authorization Sets on IOS and ASA/PIX Configuration

Hi,

I need to activate a control privileges of users on various devices.

I found this interesting document:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

and using a router with IOS 124-11.XV1 work normally while using a switch 2960-24TC with IOS 12.2.25SEE3 not working.

All users (read and full access) access on a not priviledge mode.

WHY?

I have a ACS v3.3 build 2

I have a 2960-24TC with IOS 12.2.25SEE3

I tried with a acs v4.1 without success.

Thanks.

3 REPLIES

Re: ACS Shell Command Authorization Sets on IOS and ASA/PIX Conf

Not sure what do you mean by

"All users (read and full access) access on a not priviledge mode.

WHY? "

You mean user are not falling in priv mode ?

Regards,

~JG

New Member

Re: ACS Shell Command Authorization Sets on IOS and ASA/PIX Conf

Yes, it's correct.

Users are authenticated dall'ACS but did not go to privileged mode.

This happens only on the switch while the router is correct.

Re: ACS Shell Command Authorization Sets on IOS and ASA/PIX Conf

If you want user to fall directly in enable mode,then you should have this command,

aaa authorization exec default group tacacs+ if-authenticated

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field

Regards,

~JG

1031
Views
0
Helpful
3
Replies
CreatePlease login to create content