Here they give the TACACS user privilege level 15 and check "exec" in the TACACS+ setting, as it seems that SDM needs privilege level 15 to get started!? I didn't notice this earlier, so once I gave my test user privilege level 15 I got in using TACACS.
This, however, leads me to the second problem: restricting users using TACACS in SDM. Since 12.3(7)T, IOS has the option of using Role Based CLI access:
So now I'm trying to get TACACS to match a user to a parser view defined on the router (using the aaa attribute "cli-view_name"), just to put a lock on the privilege level 15 I have to define to get logged in to SDM in the first place. :(
Goal: finding an appropriate way to give customers minimal access to a device using SDM and only allowing specific information to be viewed.
SDM has some pre-defined views such as "sdm_monitor", but these all have too many privileges.
It'll take me some research to get this working :)
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...