

ACS 4.2 group settings and AAA help



#1 ejeangilles


Posted 15 August 2013 - 08:58 AM

I've been trying to figure this out for a few days and maybe you guys can help me out. I'm trying to get more familiar with AAA and this is what I'm trying to accomplish.

- I have a Cisco switch and I also have ACS 4.2 running on Windows 2003, and that's authenticating with a 2003 Active Directory server, which is working OK.

- Level 1 group that can only run those user-level commands, and they should not go into enable or configuration terminal.

- Level 15 group has access to everything.

- Level 1 and Level 15 groups are expected to log in with the AD credentials at first, which drops them into user mode.

- Only the Level 15 group should be able to go into enable mode.

- I want to specify the "Enable" password within TACACS and not use the "enable password" command in the IOS.

- I don't want to use local usernames and passwords except as a back way to get in.

I tried to configure the "Max privilege for any client" to level 1 or 15 per group but that doesn't seem to work.

This is basically what I have so far.

 

 

aaa new-model
aaa authentication login default group tacacs+ local

username admin privilege 15 password 0 xxxx

 

 

Can you guys tell me what I'm missing?



#2 ejeangilles


Posted 16 August 2013 - 04:40 AM

I solved it. Now I just need to know if there's any way to configure the enable password for a group instead of user by user.

