TACACS

pannick
Level 1

OK, here we go. I took over a network where, when you log into a device (router or switch) through TACACS, you end up at the enable prompt.

I need it to be at the user prompt and have to type en and your password for enable. I cannot find this in my CiscoSecure ACS server. Is this just a level? Right now my group level is 15.

Thanks in advance.

jp

2 Replies

Richard Burts
Hall of Fame

Joel

There are a couple of things that can cause this behavior. First, I would suggest that you check the configuration of the routers and switches and look for the command privilege level 15. That would send anyone who logs in directly to privilege mode. If you find this command, remove it and your problem probably is over.

If it is not privilege level specified on the vty lines, it is probably configured in ACS to authorize privilege mode. The more complete solution is to configure the user profiles and remove the privilege access. A quicker way would be to remove the authorization in aaa, which will effectively remove the capability from everyone.

HTH

Rick
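
The device-side checks suggested in the reply above can be scripted over a saved running configuration. This is an added example, not part of the original thread; the sample configuration and the function name `audit_exec_privilege` are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
line con 0
 login authentication default
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 transport input ssh
!
"""

def audit_exec_privilege(config: str) -> list[tuple[str, str]]:
    """Return (context, command) pairs that can place a login at the enable prompt."""
    findings = []
    current_line = None  # the "line ..." stanza currently being read, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            # A non-indented command closes the previous stanza.
            current_line = text if re.match(r"line\s+\S+", text) else None
            # Exec authorization lets the TACACS+ server (the ACS group
            # settings) assign the privilege level at login.
            if re.match(r"aaa\s+authorization\s+exec\b", text):
                findings.append(("global", text))
            continue
        # Indented command: only relevant inside a "line" stanza.
        m = re.match(r"privilege\s+level\s+(\d+)$", text)
        if current_line and m and int(m.group(1)) == 15:
            findings.append((current_line, text))
    return findings

if __name__ == "__main__":
    for context, command in audit_exec_privilege(SAMPLE_CONFIG):
        print(f"{context}: {command}")
```

A `global` finding is not a fault on its own: it means the privilege level is decided by the server, so the ACS group settings are the next place to look.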

n.bowbridge
Level 1

The option that you need to disable is configured on your ACS server. Go to:

ACS -> Group Setup -> (edit the group you're a member of) -> Enable options

Set this to 'no enable privilege'. If you want enable privilege, set to: 'Max Privilege for any AAA Client' = Level 15

HTH
