https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935318#M419603 <HTML><HEAD></HEAD><BODY><P>Try this:</P><P></P><P>ROUTER#config t</P><P>Enter configuration commands, one per line. End with CNTL/Z.</P><P>ROUTER(config)#line vty 0 4</P><P>ROUTER(config-line)#privilege level 15</P><P>ROUTER(config-line)#end</P><P>ROUTER#</P><P></P><P>HTH</P></BODY></HTML> Thu, 27 Mar 2008 18:51:20 GMT Collin Clark 2008-03-27T18:51:20Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935317#M419602 <P>Hi, I justed installed ACS 4.1 for Windows, I've added a user account and a router, my router can communicate with the ACS server, I can authenticate to the router, but my authentication will not take me into enable (or priviledge) mode. It takes me right to the user mode. From the server I tried granting priv 15 to my user group and also to me as a user still doesn't work. I have the basic configuration on the router</P><P></P><P>aaa new-model</P><P>aaa authentication login susd group tacacs+ local</P><P></P><P>tacacs-server host 10.x.x.x</P><P>tacacs-server directed-request</P><P>tacacs-server key xxxx</P><P></P><P>Can someone help a rookie out.</P> Sun, 10 Mar 2019 22:44:58 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935317#M419602 umamon 2019-03-10T22:44:58Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935318#M419603 <HTML><HEAD></HEAD><BODY><P>Try this:</P><P></P><P>ROUTER#config t</P><P>Enter configuration commands, one per line. End with CNTL/Z.</P><P>ROUTER(config)#line vty 0 4</P><P>ROUTER(config-line)#privilege level 15</P><P>ROUTER(config-line)#end</P><P>ROUTER#</P><P></P><P>HTH</P></BODY></HTML> Thu, 27 Mar 2008 18:51:20 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935318#M419603 Collin Clark 2008-03-27T18:51:20Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935319#M419604 <HTML><HEAD></HEAD><BODY><P>Hi HTH,</P><P></P><P>Thanks that worked!</P><P></P><P></P></BODY></HTML> Thu, 27 Mar 2008 20:14:17 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935319#M419604 umamon 2008-03-27T20:14:17Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935320#M419605 <HTML><HEAD></HEAD><BODY><P>You can also achieve this using TACACS authorization. Enter the following command in global configuration mode:</P><P></P><P>aaa authorization exec default group tacacs+ local</P><P></P><P>This will enable the router to put you into your assigned privileged mode as configured on the ACS.</P></BODY></HTML> Sat, 05 Apr 2008 14:20:56 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935320#M419605 john.dowson 2008-04-05T14:20:56Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935321#M419606 <HTML><HEAD></HEAD><BODY><P>I think this is actually the way I wanna go, so I can take advantage of aaa logging.</P><P></P><P>If I use this authorization command should I remove the privilege login from my VTY lines?</P></BODY></HTML> Thu, 10 Apr 2008 16:01:08 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935321#M419606 umamon 2008-04-10T16:01:08Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935322#M419607 <HTML><HEAD></HEAD><BODY><P>Yes, you don't need the privilege level set on the VTY lines when using the authorization method.</P><P></P><P>John</P></BODY></HTML> Thu, 10 Apr 2008 21:26:03 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935322#M419607 john.dowson 2008-04-10T21:26:03Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935323#M419608 <HTML><HEAD></HEAD><BODY><P>Thanks John,</P><P></P><P>That gave me exactly what i was looking for. I also had to place the authorization command on the line.</P></BODY></HTML> Thu, 10 Apr 2008 21:57:46 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935323#M419608 umamon 2008-04-10T21:57:46Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935324#M419609 <HTML><HEAD></HEAD><BODY><P>Ah I guess you're using a named authorization method rather than the default one which is why it need applying to the VTY lines. The default method would apply to all lines where not already configured.</P></BODY></HTML> Fri, 11 Apr 2008 14:09:04 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935324#M419609 john.dowson 2008-04-11T14:09:04Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935325#M419610 <HTML><HEAD></HEAD><BODY><P>John,</P><P></P><P>Do you think that the default method is the better way to go? I guess it would since I don't have to configure the lines. </P><P></P><P></P></BODY></HTML> Fri, 11 Apr 2008 15:19:03 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935325#M419610 umamon 2008-04-11T15:19:03Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935326#M419611 <HTML><HEAD></HEAD><BODY><P>Default is a good option to use if you are not using any method-list.</P><P></P><P>Default key word cover all interfaces accept serial.</P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Fri, 11 Apr 2008 20:10:15 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935326#M419611 Jagdeep Gambhir 2008-04-11T20:10:15Z https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935327#M419612 <HTML><HEAD></HEAD><BODY><P>Thanks John, You've been a big help.</P></BODY></HTML> Sat, 12 Apr 2008 04:49:39 GMT https://community.cisco.com/t5/network-access-control/getting-starting-with-aaa/m-p/935327#M419612 umamon 2008-04-12T04:49:39Z