Hi 

       Am using cisco ACS 5.2 in my environment for centralized login management of devices with tacacs+ protocol.

       Currently i have configured a aaa client(cisco 3750) in ACS for testing purpose.

       Login authentication works fine unlike enable password authentication which pops following error(ACS log).

              13029 requested user privilege level too high fix

          Actually we have three shell profiles(L2/L1/L0) with relevant command sets(L2/L1/L0). Hence three authorization policies has been created for default device admin with relevant shell pro/cmd set mapped for relevant device identity groups.

         Default authorization policy is been mapped to shell:permit access/cmd:deny all commands.

         AAA client config

                aaa authentication login default group tacacs+ local
                aaa authentication enable default group tacacs+ enable

            Can some one help me out to have this fixed. Pls...