06-12-2006 11:24 AM - edited 02-21-2020 02:28 PM
OK here we go. I took over a network that when you log into a device (router or switch) through TACACS you end up at the enable prompt.
I need it to be at the user prompt and have to type en and your password for enable. I cannot find this in my CiscoSecure ACS server. Is this just a level? Right now my group level is 15.
Thanks in advance.
jp
06-12-2006 01:29 PM
Joel
There are a couple of things that can cause this behavior. First, I would suggest that you check the configuration of the routers and switches and look for the command privilege level 15. That would send anyone who logs in directly to privilege mode. If you find this command, remove it and your problem probably is over.
If it is not privilege level specified on the vty lines it is probably configured in ACS to authorize privilege mode. The more complete solution is to configure the user profiles and remove the privilege access. A quicker way would be to remove the authorization in aaa which will effectively remove the capability from everyone.
HTH
Rick
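Added example, not part of the thread or any poster's code: a small Python check for the two device-side causes described in the reply above, `privilege level 15` on a line and exec authorization in aaa. The running-config is constructed for illustration, and the function name `audit_enable_on_login` is an assumption.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
line con 0
 login authentication default
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 transport input ssh
!
"""

def audit_enable_on_login(config):
    """Return findings for settings that can land a login at the enable prompt."""
    findings = []
    current_line = None  # the "line ..." block we are inside, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            # Top-level command: it either opens a line block or ends the last one.
            current_line = text if text.startswith("line ") else None
            if text.startswith("aaa authorization exec "):
                # The device will accept a privilege level returned by the AAA server.
                findings.append("exec authorization enabled, check the ACS group: " + text)
            continue
        # Indented sub-command: only relevant inside a line block.
        match = re.fullmatch(r"privilege level (\d+)", text)
        if current_line and match and int(match.group(1)) == 15:
            findings.append(current_line + ": privilege level 15")
    return findings

if __name__ == "__main__":
    for finding in audit_enable_on_login(SAMPLE_CONFIG):
        print(finding)
```

A finding for exec authorization does not by itself mean users land in enable mode; it means the level assigned on the ACS side is being honored, so the group setting there decides the outcome.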
06-29-2006 08:52 PM
The option that you need to disable is configured on your ACS server. Go to:
ACS -> Group Setup -> (edit the group you're a member of) -> Enable options
Set this to 'no enable privilege'. If you want enable privilege, set it to: 'Max Privilege for any AAA Client' = Level 15
HTH