https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735446#M56992 <P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Hi dears ,</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">I have set a topology which there is ACS 5.5 and windows 2008 ,server is not working yet ,I have applied AAA methods to the just R6 and R7 ,both of them is asking for username which I created internally inside ACS&nbsp; ,but there is a small problem , i created user tahir which privilege is 15 ,and user zeynal privilege 1 .when I telnet to the router I enter the username and password for zeynal ,it gives this output.</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline; min-height: 8pt;">&nbsp;</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6&gt;show privi</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Current privilege level is 1</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6&gt;en</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Password:</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#sho</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#show pri</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#show privi</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#show privilege</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Current privilege level is 15</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline; min-height: 8pt;">&nbsp;</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Why it turns to privilige 15 ??? I just have given to zeynal user privilege 1.</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline; min-height: 8pt;">&nbsp;</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Can anyone please help me ??</P> Mon, 11 Mar 2019 06:10:50 GMT hacizeynal 2019-03-11T06:10:50Z https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735446#M56992 <P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Hi dears ,</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">I have set a topology which there is ACS 5.5 and windows 2008 ,server is not working yet ,I have applied AAA methods to the just R6 and R7 ,both of them is asking for username which I created internally inside ACS&nbsp; ,but there is a small problem , i created user tahir which privilege is 15 ,and user zeynal privilege 1 .when I telnet to the router I enter the username and password for zeynal ,it gives this output.</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline; min-height: 8pt;">&nbsp;</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6&gt;show privi</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Current privilege level is 1</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6&gt;en</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Password:</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#sho</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#show pri</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#show privi</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">R6#show privilege</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Current privilege level is 15</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline; min-height: 8pt;">&nbsp;</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Why it turns to privilige 15 ??? I just have given to zeynal user privilege 1.</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline; min-height: 8pt;">&nbsp;</P><P style="margin-bottom: 0px; padding: 0px; border: 0px; font-size: 14px; font-family: Arial; vertical-align: baseline;">Can anyone please help me ??</P> Mon, 11 Mar 2019 06:10:50 GMT https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735446#M56992 hacizeynal 2019-03-11T06:10:50Z https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735447#M56993 <PRE style="margin-bottom: 0px; font-size: 14px; padding: 0px; border: 0px; font-family: Arial;"> Hi dears , I have set a topology which there is ACS 5.5 and windows 2008 ,server is not working yet ,I have applied AAA methods to the just R6 and R7 ,both of them is asking for username which I created internally inside ACS ,but there is a small problem , i created user tahir which privilege is 15 ,and user zeynal privilege 1 .when I telnet to the router I enter the username and password for zeynal ,it gives this output. R6&gt;show privi Current privilege level is 1 R6&gt;en Password: R6#sho R6#show pri R6#show privi R6#show privilege Current privilege level is 15 Why it turns to privilige 15 ??? I just have given to zeynal user privilege 1. Can anyone please help me ??</PRE> <P>&nbsp;</P> <P>Hi,</P> <P>Without seeing the configuration it is hard to comment anything but have look on the below two links which specifically speaks about ACS 5.5 and cisco router authorisation configuration.</P> <P><A href="http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/migration/guide/migration_guide/Migration_Configure.html">ACS 5.5 configuration</A>&nbsp;and <A href="http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfauth.html">Authorization in cisco router</A></P> <P>Hope it Helps..</P> <P>-GI</P> <P>Rate if it Helps</P> Sun, 25 Oct 2015 03:59:13 GMT https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735447#M56993 Ganesh Hariharan 2015-10-25T03:59:13Z https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735448#M56994 <P><BR />aaa new-model<BR />aaa authentication login Zeynal group tacacs+ local enable<BR />aaa authorization exec Zeynal group tacacs+ local<BR />aaa authorization commands 2 default group tacacs+<BR />aaa authorization commands 2 Zeynal group tacacs+<BR />aaa authorization commands 15 default group tacacs+<BR />aaa authorization commands 15 Zeynal group tacacs+</P><P>&nbsp;</P> Sun, 25 Oct 2015 11:51:43 GMT https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735448#M56994 hacizeynal 2015-10-25T11:51:43Z https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735449#M56995 <PRE> <SPAN style="font-size: 14px;">aaa new-model</SPAN> <SPAN style="font-size: 14px;">aaa authentication login Zeynal group tacacs+ local enable</SPAN> <SPAN style="font-size: 14px;">aaa authorization exec Zeynal group tacacs+ local</SPAN> <SPAN style="font-size: 14px;">aaa authorization commands 2 default group tacacs+</SPAN> <SPAN style="font-size: 14px;">aaa authorization commands 2 Zeynal group tacacs+</SPAN> <SPAN style="font-size: 14px;">aaa authorization commands 15 default group tacacs+</SPAN> <SPAN style="font-size: 14px;">aaa authorization commands 15 Zeynal group tacacs+</SPAN></PRE> <P><SPAN style="font-size: 14px;">Hi,</SPAN></P> <P><SPAN style="font-size: 14px;">​Try removing Zeynal with default as&nbsp;authorisation is coming from cisco ACS.</SPAN></P> <P><SPAN style="font-size: 14px;">-GI</SPAN></P> Mon, 26 Oct 2015 17:18:48 GMT https://community.cisco.com/t5/network-access-control/privilege-problem-in-acs/m-p/2735449#M56995 Ganesh Hariharan 2015-10-26T17:18:48Z