Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Network Device Groups and different privilege levels

Using ACS 3.1. Want to have routers belonging a specific network device group. For example, I created 3 network device groups: core, distribution and access. I assigned my routers in those 3 different groups. I created three user groups: core-admin, network-admin and helpdesk. Now, I want core-admin group to be automatically assigned to priv15 when accessing all routers. network-admin should have priv0 on core routers and priv15 on all other routers. helpdesk group should have priv1 on access routers and priv0 on all other routers.

I've enabled this under the "Enable Options" under the group and it doesn't seem to work. Anyone have any luck on this?

Cisco Employee

Re: Network Device Groups and different privilege levels

This involves authorization as well as authentication. Do you have

> aaa authoirzation exec default group tacacs

in every router? Make sure you also check the "Shell (exec)" box under the TACACS settings in each ACS group (or every ACS user).