Different levels of TACACS+ Authorization for different devices
We currently are using Cisco ACS 4.1 and have TACACS+ configured on all devices (PIX, Routers, Switches) so that they let us in with Enable access. We need to add additional users but limit their access. I'm trying to figure out a way to allow certain users to have enable access (15) to our layer 2 devices but only terminal access (1) to our layer 3 devices. I've broken out the equipment into separate NDGs and now I'm trying to configure the Group settings to make this work. I have configured the Shell Command Authorization settings to allow for this by assigning level 1 to layer 3 devices and 15 to layer 2 devices. When I try to connect to any of the devices it only gives me level 1 access. The logs show that it's hitting the proper NDGs but it's only showing level 1 access. Why am I not getting level 15 access when I hit my layer 2 devices? Is there something I'm missing?