Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

TACACs levels on NXOS, + minor AAA config equivalents?

When you log into a NXOS box, you appear to get the highest role your account has provisioned- there doesn't seem to be the 'exec/enable' dichotomy that our users are familiar (and comfortable with).

Is there a way to make the NXOS boxes have you come in as a network-operator, and then force another login to network-admin? With increased attention being paid to changes at a network level, sometimes it's nice to have that forced reminder that you need to escalate your privliges.

There are a few commands that exist in our legacy configurations that don't port well to the NXOS boxes as well-

aaa authentication username-prompt

aaa authentication fail-message

aaa accounting-commands xxxx start-stop xxx

Maybe start-stop is a relic now and pertains more to dialup accounting- but it's one of those magic configs that's made it into our standard and I hate to change it now. Customized login and fail-messages were nice, though.

CreatePlease to create content