Cisco Support Community

New Member

Can't quite get ACS group access working

Hi,

I have the ACS SE 4.2, and 2950 edge switches.

I have set up two users, one admin and one test on the ACS.

I have applied the following configuration on my switch:

aaa authentication login default group tacacs+ local enable
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+

The test user is in its own group, and I have applied a max privilege level of 15 to this group.

I have then set specific commands that the group is permitted to use, and denied to use.

However, it doesn't seem to work correctly.

Can anyone see an error in how I've configured the switch?

I have attached screenshots of the user and group setup also.

Thanks!

2 REPLIES
New Member

Re: Can't quite get ACS group access working

Group screenshots.

New Member

Re: Can't quite get ACS group access working

This was how we configured the switches at my last place.

aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

HTH

Pete
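
Added example, not part of either post and not Cisco tooling: a short Python parser that summarizes, for the two configurations posted in this thread, which privilege levels have command authorization, in what method order, and whether commands at that level are accounted. The function name summarize and the output layout are assumptions made for this example.

```python
import re

# Both configurations are copied from the posts in this thread.
QUESTION_CFG = """\
aaa authentication login default group tacacs+ local enable
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
"""
REPLY_CFG = """\
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
"""
# "aaa authorization|accounting commands <level> <list-name> <methods...>"
CMD = re.compile(r"aaa (authorization|accounting) commands (\d+) \S+ (.+)")

def summarize(cfg):
    """Map privilege level -> (authorization method order or None, accounted?)."""
    authz, acct = {}, set()
    for line in cfg.splitlines():
        m = CMD.fullmatch(line.strip())
        if not m:
            continue
        level, rest = int(m.group(2)), m.group(3).split()
        if m.group(1) == "authorization":
            # Drop the "group" keyword so the list reads as the fallback order.
            authz[level] = [w for w in rest if w != "group"]
        else:
            acct.add(level)
    return {lv: (authz.get(lv), lv in acct) for lv in sorted(set(authz) | acct)}

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        for level, (methods, accounted) in summarize(cfg).items():
            print(name, level, methods, "accounted" if accounted else "not accounted")
```

Run on the two postings, it reports command authorization at levels 0 and 15 with a local fallback and no command accounting for the first configuration, and at levels 1 and 15 with if-authenticated and command accounting for the reply.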
