Sadikhov IT Certification forums

ACS 4.2 group settings and AAA help


I've been trying to figure this out for a few days and maybe you guys can help me out. I'm trying to get more familiar with AAA and this is what I'm trying to accomplish.

- I have a Cisco switch and I also have ACS 4.2 running on Windows 2003, and that's authenticating with a 2003 Active Directory server, which is working OK.

- Level 1 group that can only run those user-level commands, and they should not go into enable or configuration terminal.

- Level 15 group has access to everything.

- Level 1 and Level 15 groups are expecting to log in with the AD credentials at first, which drops them into user mode.

- Only the Level 15 group should be able to go into enable mode.

- I want to specify the "Enable" password within TACACS and not use the "enable password" command in the IOS.

- I don't want to use local usernames and passwords except for a back way to get in.

I tried to configure the "Max privilege for any client" to level 1 or 15 per group, but that doesn't seem to work.

This is basically what I have so far.



aaa new-model
aaa authentication login default group tacacs+ local

username admin privilege 15 password 0 xxxx



Can you guys tell me what I'm missing?
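An added example, not part of the original post: a small Python audit that checks an IOS configuration against the goals listed above (TACACS+ login with local fallback, enable authenticated by TACACS+, no IOS `enable password`, a local emergency account). The function name `audit_aaa` and the finding texts are hypothetical, and it assumes enable authentication is sent to TACACS+ with an `aaa authentication enable default group tacacs+ ...` method list.

```python
import re

# Constructed input: the three configuration lines quoted in the post.
POSTED_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
username admin privilege 15 password 0 xxxx
"""

def audit_aaa(config):
    """Return findings for an IOS config checked against the post's goals."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    def methods(kind):
        # Method list after "aaa authentication <kind> default".
        prefix = f"aaa authentication {kind} default "
        line = next((ln for ln in lines if ln.startswith(prefix)), "")
        return line[len(prefix):].split()

    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")

    login = methods("login")
    if login[:2] != ["group", "tacacs+"]:
        findings.append("login is not sent to TACACS+ first")
    if "local" not in login[2:]:
        findings.append("login has no local fallback")

    # Without an enable method list, IOS checks the enable password locally.
    if methods("enable")[:2] != ["group", "tacacs+"]:
        findings.append("enable is not authenticated by TACACS+")

    if any(ln.startswith("enable password ") for ln in lines):
        findings.append("enable password is configured in IOS")

    users = [ln for ln in lines if ln.startswith("username ")]
    if not users:
        findings.append("no local username for emergency access")
    for user in users:
        # "password 0" stores the value in cleartext in the configuration.
        if re.search(r"\spassword 0 \S", user):
            findings.append(f"{user.split()[1]}: cleartext password (type 0)")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(POSTED_CONFIG):
        print("FINDING:", finding)
```

Run against the posted lines, it reports the missing enable method list and the type 0 password on the local account.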
