New Member

tacacs on foundry devices

I am trying to get the different privilege levels to work on a Foundry device configured to use TACACS+. I have entered the following lines on the Foundry NAS.

aaa authentication enable default tacacs+ line

aaa authorization exec default tacacs+

enable telnet password .....

enable super-user-password .....

ip address 10.152.21.219 255.255.255.0

ip default-gateway 10.152.21.250

tacacs-server host 10.152.21.5

tacacs-server key HG546$$KLZ

When I connect to the server it prompts me for my TACACS+ username and password. Once I have entered the username and password I get into the device but only at privilege level 5 (read-only) even though my username on the TACACS+ server is configured to use privilege level 0 (super-user). Therefore it would suggest that the AV pairs are not being passed through to the configured device. Anyone got any ideas?

Thank You

Donagh

1 REPLY
Cisco Employee

Re: tacacs on foundry devices

In the TACACS server do you have Shell (exec) checked and the privilege-level set to 0 under this user's configuration? Can you debug on the Foundry to see if it's receiving the attributes properly (if you have them checked in the TACACS server then I see no reason why it wouldn't be receiving them)?

Are you sure level 0 is the super-user on the Foundry? What if you set it to 15 on the TACACS server, do you see any difference?
