ejeangilles

ACS 4.2 group settings and AAA help

2 posts in this topic

I've been trying to figure this out for a few days and maybe you guys can help me out. I'm trying to get more familiar with AAA and this is what I'm trying to accomplish.

-I have a Cisco switch and I also have ACS 4.2 running on Windows 2003 and that's authenticating with a 2003 Active Directory server which is working ok.

-Level 1 group that can only run those user level commands and they should not go into enable or configuration terminal

-Level 15 group has access to everything.

-Level 1 and Level 15 groups are expecting to login with the AD credentials at first which drops them into user mode.

-Only level 15 group should be able to go into enable mode.

-I want to specify the "Enable" password within TACACS and not use the "enable password" command in the IOS.

-I don't want to use local usernames and passwords except for a back way to get in.

I tried to configure the "Max privilege for any client" to level 1 or 15 per group but that doesn't seem to work.

This is basically what I have so far.

aaa new-model
aaa authentication login default group tacacs+ local

username admin privilege 15 password 0 xxxx

Can you guys tell me what I'm missing?
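
One way to close the gap in the configuration above, shown as an added example that is not part of the original post: the posted config sends only login authentication to TACACS+, so `enable` is still checked locally. The server address, shared key and secrets below are placeholders, and the classic `tacacs-server host` syntax is assumed.

```cisco
! Added example. Address, key and secrets are placeholders (assumptions).
! TACACS+ server definition (classic IOS syntax).
tacacs-server host 192.0.2.10 key <shared-secret>
!
aaa new-model
! Login: ACS (backed by AD) first; local users only if ACS does not respond.
aaa authentication login default group tacacs+ local
! Enable: send the enable request to ACS. Without this line the switch
! checks "enable" locally, ACS never sees the request, and the per-group
! maximum privilege setting has nothing to act on.
! The trailing "enable" is a fallback used only when ACS does not respond;
! drop it (and the enable secret below) if no local enable is wanted.
aaa authentication enable default group tacacs+ enable
!
! Break-glass account: stored as a hashed secret instead of "password 0".
username admin privilege 15 secret <local-admin-secret>
enable secret <break-glass-enable-secret>
```

Test the change from a second session before closing the one used to apply it, so a mistake does not lock out the switch.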
