10-11-2010 08:05 PM - edited 03-10-2019 05:29 PM
Hi all,
I have ACS 1120 device with version 5.0.
I have configured 3 users on acs giving them privillage 15 to all and bar them with command sets.But when ACS will goes down I need to make authentication and autorization locally.So I created two seperate users locally giving privillage one to 15 and other is 10.For privillage 10 I have assigned some limited commond set to privillage 10.
But problem is when my ACS authorization and local authorization come in to picture my ACS user which only have show access getting configuration access also.
So plz help me for the same
If my ACS goes down need to fallen down on local authentication and authorization..
Thanks,
Pranav
10-11-2010 11:22 PM
plz find aaa configuration on router
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 5 default group tacacs+ local
aaa authorization commands 5 ssst group tacacs+ local
aaa authorization commands 10 netmon group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 admin group tacacs+ local
aaa authorization network default group tacacs+ local
aaa authorization configuration default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
I have created two local users one is giving priv 15 and one is giving priv 10
commond set for priv 10
privilege interface level 10 ip add
privilege interface level 10 shut
privilege interface level 10 no sh
privilege interface level 10 exit
privilege configure level 10 interface!
privilege configure level 10 interface all
privilege exec level 10 show!
privilege exec level 10 traceroute
privilege exec level 10 show run
privilege exec level 10 conf t
Thnaks
Pranav
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide