
How can I use effectively the "ENABLE OPTIONS"

Hi

I am setting up a Cisco ACS appliance 113 Server (4.0).

GROUPS DEFINED
==============

Group 1 : admincentral
Group 2 : limited admin
Group 3 : education

Network device groups NDGs Defined
==================================

Switch
Router
WLAN

AAA CONFIG IN CLIENT
====================

aaa authentication login CONSOLE group tacacs+ local-case enable
aaa authentication login VTY group tacacs+ local-case enable
aaa authentication login TACACS group tacacs+ enable
aaa authentication enable default enable
aaa authorization exec default group tacacs+ group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
tacacs-server host a.b.c.d key xxx
tacacs-server directed-request

ACHIEVEMENT SO FAR
==================

Whenever I log in to the device, it directly takes me into the privilege level e.g. level 15 for superuser for example instead of asking for enable password.

PROBLEM
=======

How can I use effectively the "ENABLE OPTIONS"? It has three options:

1) No enable privileges
2) Max privilege level for any AAA client
3) Define MAX Privilege on a per NDG basis

But the pity is I am not able to use it effectively, can you help me?

Currently what I do is, I go to the "TACACS+ SETTINGS" section and then CHECK the Shell (exec) and Privilege level check box with a number, let's say 15 or 10 or 4.

Believe me, nothing works unless I check the PRIVILEGE LEVEL CHECK BOX and fill in the number. Whatever level I set there, it becomes applicable for all the users for all the devices and that is very strange. Can you help me?

Thanks and regards


Re: How can I use effectively the "ENABLE OPTIONS"

Perform this procedure to configure group-level TACACS+ enabling parameters. The three possible TACACS+ enable options are:

• No Enable Privilege: (default) Disallows enable privileges for this user group.

• Max Privilege for Any AAA Client: Selects the maximum privilege level for this user group for any AAA client on which this group is authorized.

• Define max Privilege on a per-network device group basis: Defines maximum privilege levels for an NDG. To use this option, you create a list of device groups and corresponding maximum privilege levels. See your AAA client documentation for information about privilege levels.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/g.html#wp540570
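
An added example, not part of either post and not Cisco's own text: the device-side lines that decide whether the ACS Enable Options are consulted at all, showing the question's `aaa authentication enable` line beside a variant that sends `enable` to TACACS+. The `aaa new-model` and `line vty` lines, and the assumption that the user has a TACACS+ enable password defined in ACS, are not from the thread.

```cisco
! Constructed example. a.b.c.d and xxx are the placeholders used in the question.
!
! --- As posted -------------------------------------------------------------
! "enable" is checked only against the device's local enable secret, so no
! enable request ever reaches ACS and the group's Enable Options are never
! evaluated. The session level comes from the Shell (exec) "Privilege level"
! value returned by exec authorization, which is set per ACS group and is
! therefore the same on every device that group can reach.
!
!   aaa authentication enable default enable
!   aaa authorization exec default group tacacs+ if-authenticated
!
! --- Variant that lets ACS Enable Options take effect -------------------------
aaa new-model
aaa authentication login VTY group tacacs+ local-case enable
! Send "enable" to TACACS+ first; fall back to the local enable secret only
! when the server does not answer.
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
tacacs-server host a.b.c.d key xxx
!
line vty 0 4
 login authentication VTY
```

With the Shell (exec) privilege level left unset in the ACS group, a user starts at level 1 and a later `enable` or `enable <level>` request is checked against the group's maximum, including a per-NDG maximum when the third option is selected. Keep the local `enable` fallback so the device stays manageable when the ACS server is unreachable.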
