Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Privilege Level for Tacacs Account in Nexus 7000

Hi,

I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.

In n7k when I entered into "configure terminal" It won't allow me to access other commands.

How to login into level 15 privilege mode after authenticating from tacacs

(config)# show running-config tacacs+

tacacs-server key 7 "xxxxx"

tacacs-server host x.x.x.x key 7 "xxxx"

aaa group server tacacs+ TacServer

    server x.x.x.x (same ip as tacacs-server host)

    use-vrf management

    source-interface Vlan2

(config)# show running-config aaa

aaa authentication login default group TacServer

aaa authentication login console local

aaa user default-role

Here below are the commands accessible in "Terminal" currently

(config)# ?

  no        Negate a command or set its defaults

  username  Configure user information.

  end       Go to exec mode

  exit      Exit from command interpreter

isb.n7k-dcn-agg-1-sw(config)#

Everyone's tags (1)
2 REPLIES

Privilege Level for Tacacs Account in Nexus 7000

I'm not 100% sure about ACS 4.2, as i have only tried this in ACS 5.x, but there you needed to send a shell profile back to the nexus, with this line for exec mode :

shell:roles="network-admin"

New Member

Re: Privilege Level for Tacacs Account in Nexus 7000

Hi Jan.nielsen

Issue is resolved but by another way.

I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command

796
Views
5
Helpful
2
Replies
CreatePlease to create content