ACS 4.2 group settings and AAA help


    I’ve been trying to figure this out for a few days and maybe you guys can help me out. I’m trying to get more familiar with AAA and this is what I’m trying to accomplish.

    -I have a Cisco switch and I also have ACS 4.2 running on Windows 2003, and that’s authenticating with a 2003 Active Directory server, which is working OK.
    -Level 1 group that can only run those user-level commands, and they should not go into enable or configuration terminal.
    -Level 15 group has access to everything.
    -Level 1 and Level 15 groups are expected to log in with the AD credentials at first, which drops them into user mode.
    -Only the level 15 group should be able to go into enable mode.
    -I want to specify the “Enable” password within TACACS and not use the “enable password” command in the IOS.
    -I don’t want to use local usernames and passwords except for a back way to get in.

    I tried to configure the “Max privilege for any client” to level 1 or 15 per group, but that doesn’t seem to work.
    This is basically what I have so far.

    aaa new-model
    aaa authentication login default group tacacs+ local
    username admin privilege 15 password 0 xxxx

    Can you guys tell me what I’m missing?
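An added example (not the poster's configuration, and not taken from any ACS documentation) of the IOS side of the setup the post describes. The point it illustrates: the poster's config only has "aaa authentication login", so the switch never asks TACACS+ about enable or about exec privilege; it falls back to the local enable password for "enable", which is why the ACS group "Max privilege for any AAA client" setting has nothing to act on. The server address 192.0.2.10, the shared key and the fallback credentials are placeholders, and the "tacacs-server host" syntax is the classic form that the ACS 4.x-era IOS releases use (newer IOS prefers "tacacs server NAME").

```cisco
! Added example, not the original poster's config. Placeholders: 192.0.2.10,
! TACACS-KEY-PLACEHOLDER and CHANGE-ME.
aaa new-model
!
! TACACS+ server that ACS 4.2 listens on (classic syntax)
tacacs-server host 192.0.2.10 key TACACS-KEY-PLACEHOLDER
!
! Login: ask ACS first; fall back to the local username only when no
! TACACS+ server answers (not when ACS rejects the user)
aaa authentication login default group tacacs+ local
!
! Enable: ask ACS for the enable password instead of the local one. With no
! fallback method, "enable" is unavailable while ACS is unreachable; the
! local admin still gets privilege 15 directly through exec authorization.
aaa authentication enable default group tacacs+
!
! Exec authorization is what lets ACS hand down the privilege level the
! session starts in; without it, the group's shell/privilege settings are ignored
aaa authorization exec default group tacacs+ local
!
! Command authorization at both levels so a level-1 user cannot run
! privileged commands even if a level is ever mis-assigned
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting so ACS keeps a record of who logged in and what they ran
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Local back door only; "secret" stores a hash, unlike "password 0"
username admin privilege 15 secret CHANGE-ME
!
line vty 0 4
 login authentication default
 authorization exec default
 authorization commands 1 default
 authorization commands 15 default
 accounting exec default
 accounting commands 15 default
 transport input ssh
```

On the ACS side (from memory of the 4.x interface, so treat as an assumption to check against your own server): each group needs "Shell (exec)" ticked under TACACS+ Settings with Privilege level 1 or 15, the level-15 group needs Enable Options set to "Max Privilege for any AAA Client" = 15, the level-1 group either "No Enable Privilege" or max level 1, and since the users authenticate against AD the TACACS+ Enable Password option should be "Use external database password" rather than a separate one. Test the fallback path before relying on it: stop the ACS service and confirm the local admin can still log in and lands in privilege 15, then start it again and confirm a level-1 AD user is refused at "enable".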
