Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TACACS Issue with IOS image 15.3

Dear all,

I am facing a Tacacs issue with 15.3 image on 1941 router..

Basically when we ordered new 1941, the default image we got was  c1900-universalk9-mz.SPA.153-1.T1.bin

Now we have two privilege levels configured for different users group on Tacacs.. Level 15 is system engineers and Level 7 for helpdesk engineers.

Below are the privilege 7 commands allowed on router..

privilege exec level 7 traceroute
privilege exec level 7 ping
privilege exec level 7 show startup-config
privilege exec level 7 show running-config
privilege exec level 7 show configuration
privilege exec level 1 show logging
privilege exec level 1 show

When the system engineer logs into router with Privilege 15, he doesn't get any issue in running any "show" command.. but when a helpdesk engineer logs in, he get below error while running "show" command.

civrixr01_new#sh config

Using 13253 out of 262136 bytes

%Error opening nvram:/startup-config (Permission denied)

When I changed the IOS to c1900-universalk9-mz.SPA.151-4.M7.bin(lower version) .. The error disappeared..

Any Idea if this can be an IOS bug or Tacacs server issue.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Hi Inderjeet,In that new IOS,

Hi Inderjeet,

In that new IOS, configure the file system privilege level through config command "file privilege 7" and check.

Regards,

Kumar

6 REPLIES
New Member

Hi Inderjeet,In that new IOS,

Hi Inderjeet,

In that new IOS, configure the file system privilege level through config command "file privilege 7" and check.

Regards,

Kumar

New Member

Hi Pradeep,Thanks.. I will

Hi Pradeep,

Thanks.. I will apply this, check and will confirm..

 

Thanks..

Inderjeet

Hello when logged on as the

Hello

 

when logged on as the desktop engineer

show privilege

 

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Hi Paul,Here is the output of

Hi Paul,

Here is the output of "show privilege" command

 

civrixr01_new#show privi

Current privilege level is 7

civrixr01_new#

Hello looks like the desktop

Hello

 

looks like the desktop account as define access privileges hence the reason why they cannot perform the show run command

privilege exec level 7 show run

 

res

Paul

 

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Hi Pradeep,Thanks.. its

Hi Pradeep,

Thanks.. its working..

Hi Paul,

Appreciate your help as well in sorting this out..

 

Thanks..

132
Views
0
Helpful
6
Replies