ACS 4.2 group settings and AAA help

ejeangilles — Mon, 11 Mar 2019 03:46:34 GMT

I 've been trying to figure this out for a few days and maybe you guys can help me out. I'm trying to get more familiar with AAA and this what I'm trying to accomplish.

-I have a cisco switch and I also have ACS 4.2 running on windows 2003 and that's authenticating with a 2003 active directory server which is working ok.

-Level 1 group that can only run those user level commands and they should not go into enable or configuration terminal

-Level 15 group has access to everything.

-Level 1 and Level 15 groups are expecting to login with the AD credentials at first which drops them into user mode.

-Only level 15 group should be able to go into enable mode.

-I want specify the "Enable" password within TACACS and not use the "enable password" command in the IOS.

-I don't want to use local usernames and passwords except for a backway to get in.

I tried to configure the "Max privilege for any client" to level 1 or 15 per group but that doesn't seem to work.

This is bascially what I have so far.

aaa new-model
aaa authentication login default group tacacs+ local

username admin privilege 15 password 0 xxxx

Can you guy tell me what I'm missing?

ACS 4.2 group settings and AAA help

ejeangilles — Thu, 15 Aug 2013 18:43:00 GMT

I solved it.

I was able to use "aaa authentication enable default group tacacs local"

Now I just need to know if there's anyway to configure the enable password for a group instead of user by user.

Any suggestions!!

topic ACS 4.2 group settings and AAA help in Network Access Control

ACS 4.2 group settings and AAA help

ACS 4.2 group settings and AAA help