Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
2
Helpful
2
Replies

about tacacs privilege level

Go to solution
tjdwns4111
Level 1
Level 1

‎08-15-2023 12:34 AM

I applied the configuration below to the router.

And when i connect to the router, it is authenticated by Tacas and immediately connects to level 15.

I want to start with level 1 and want to login level 15 by using enable command. which config should I fix?

aaa group server tacacs+ A

 server name x.x.x.x

 ip vrf forwarding mgmt-intf

 ip tacacs source-interface GigabitEthernet0

 

aaa authentication login default group A local

aaa authentication enable default group A enable

aaa authorization exec default group A local

 

aaa authorization commands 15 default group A local

 

aaa accounting exec A start-stop group A

aaa accounting network A start-stop group A

 

aaa accounting commands 0 default start-stop group A

aaa accounting commands 1 default start-stop group A

aaa accounting commands 5 default start-stop group A

aaa accounting commands 15 default start-stop group A

 

tacacs-server directed-request

tacacs server x

 address ipv4 x.x.x.x

 key xxxx

 

 

 

1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎08-15-2023 03:11 AM

Hello @tjdwns4111,

Please remove the 'aaa authorization commands 15 default group A local' line, since you want to start with level 1.

Also, update the 'aaa authorization exec default group A local' line to include the if-authenticated keyword:

aaa authorization exec default group A if-authenticated

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

2 Replies 2

Go to solution
marce1000
VIP
VIP

‎08-15-2023 12:41 AM

 

 - FYI : https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎08-15-2023 03:11 AM

Hello @tjdwns4111,

Please remove the 'aaa authorization commands 15 default group A local' line, since you want to start with level 1.

Also, update the 'aaa authorization exec default group A local' line to include the if-authenticated keyword:

aaa authorization exec default group A if-authenticated

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
Customers Also Viewed These Support Documents