ACS 5.1 Command sets, Shells and other stuff.

lkqciscotech · ‎02-04-2011

I'm a complete noob to ACS, and not strong in the AAA department. I'm trying to implement command sets for helpdesk trouble shooting.

I didn't setup the ACS server so I'm assuming that it was setup correctly.

As it stands, the people that need ro login into remote devices, can and have access.

I have two problems.

1) No matter what I do, my test user always logs in with the privilege 15 shell. It doesn't matter what I do to the group in the authorization area of the Access Policies, level 15 privilege.

2) When I apply the aaa authorization command 1 default group tacacs+ to my test AP, every account fails with commands at that privilege level. Same for level 0 and level 15. The command sets I have configured never even enter the picture.

My test authorization policy for my test user is setup correctly, mapped to the correct AD group, and has the command set applied.

If anyone has a clue, let me know and I'll supply more information.

PAUL GILBERT ARIAS · ‎02-04-2011

have checked the privilege level of the user in your ACS? If it has level 15 that will explain things.

lkqciscotech · ‎02-04-2011

Not sure how. ACS is AD integrated. There are no internal users setup.

PAUL GILBERT ARIAS · ‎02-04-2011

I think on this version there is a tab where the users are created. There you might also see the dynamically added users when there is a AD. I don't remember well on this version.