Hi, I just installed ACS 4.1 for Windows. I've added a user account and a router, my router can communicate with the ACS server, and I can authenticate to the router, but my authentication will not take me into enable (or privilege) mode. It takes me right to the user mode. From the server I tried granting priv 15 to my user group and also to me as a user; it still doesn't work. I have the basic configuration on the router:
aaa authentication login susd group tacacs+ local
tacacs-server host 10.x.x.x
tacacs-server key xxxx
Can someone help a rookie out?
You can also achieve this using TACACS authorization. Enter the following command in global configuration mode:
aaa authorization exec default group tacacs+ local
This will enable the router to put you into your assigned privileged mode as configured on the ACS.
I think this is actually the way I wanna go, so I can take advantage of aaa logging.
If I use this authorization command should I remove the privilege login from my VTY lines?
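
An added example, not part of the thread or any poster's code: a small Python audit that checks an IOS configuration for the gap discussed above, where TACACS+ login authentication is configured without exec authorization, and that also reports static privilege levels on lines. The sample configuration is constructed from the three lines posted in the question; the `aaa new-model` line, the `line vty 0 4` block and the finding names are assumptions made for illustration.

```python
import re

# Constructed sample: the poster's three lines plus assumed surrounding lines.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login susd group tacacs+ local
tacacs-server host 10.x.x.x
tacacs-server key xxxx
line vty 0 4
 privilege level 15
 login authentication susd
"""

def audit_aaa(config):
    """Return findings about TACACS+ login versus exec authorization."""
    findings, lines = [], config.splitlines()
    # Named login method lists that consult TACACS+.
    auth_lists = []
    for raw in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", raw.strip())
        if m and "tacacs+" in m.group(2):
            auth_lists.append(m.group(1))
    # Without exec authorization the router ignores the privilege level
    # assigned on the ACS and leaves the session in user mode.
    has_exec = any(re.match(r"aaa authorization exec \S+ .*tacacs\+", raw.strip())
                   for raw in lines)
    if auth_lists and not has_exec:
        findings.append("no-exec-authorization")
    # Walk "line ..." blocks: collect applied lists and static privilege levels.
    current, applied = None, set()
    for raw in lines:
        if raw.startswith("line "):
            current = raw.strip()
        elif current and raw.startswith(" "):
            s = raw.strip()
            m = re.match(r"login authentication (\S+)", s)
            if m:
                applied.add(m.group(1))
            m = re.match(r"privilege level (\d+)", s)
            if m:
                findings.append(f"static-privilege:{current}:{m.group(1)}")
        else:
            current = None
    # A named (non-default) list only takes effect on lines that reference it.
    for name in auth_lists:
        if name != "default" and name not in applied:
            findings.append(f"unapplied-list:{name}")
    return findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE_CONFIG))
```

A `static-privilege` finding means sessions on that line start at the configured level from the line itself rather than from the ACS, so it is worth reviewing against the level the ACS assigns.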