Would appreciate some help here if it can be provided.

I am trying to configure TACACS auth for a Cisco ACE via our ACS 5.2 Server. I believe I have everything set up correctly but when I log in with my TACACS account it only gives me network monitor privileges.

This is the ACE Configuration I am using:

tacacs-server host 1.1.1.1 key XXXXXXXX

tacacs-server host 2.2.2.2 key XXXXXXXX

tacacs-server timeout 10

tacacs-server deadtime 30

!

aaa group server tacacs+ ACS

server 1.1.1.1

server 2.2.2.2

exit

!

aaa authentication login default group ACS local

aaa authentication login console group ACS local

aaa accounting default group ACS

!

This is the ACS Configuration:

When I log into the ACE I can see it authenticating and pulling the correct group from the ACS Log:

Logged At Status Details User Name Device Name Network Device Group Access Service Identity Store Identity Group ACS Server

Apr 30,13 8:57:40.566 AM     xxxckxxx

  AFA-ACE-Internal

  Device Type:All Device Types:Network Load Balance Devices, Location:Cameron Enterprises:Oklahoma:Data Center - 1 Device Access.TACACS

  AD1 All Groups:Administrator - Full HAPP-CSACS

Apr 30,13 8:52:20.256 AM     xxxckxxx

  AFA-ACE-Internal

  Device Type:All Device Types:Network Load Balance Devices, Location:Cameron Enterprises:Oklahoma:Data Center - 1 Device Access.TACACS

  AD1 All Groups:Administrator - Full xxx

Apr 30,13 8:43:43.276 AM     xxxckxxx

  AFA-ACE-Internal

  Device Type:All Device Types:Network Load Balance Devices, Location:Cameron Enterprises:Oklahoma:Data Center - 1 Device Access.TACACS

  AD1 All Groups:Administrator - Full xxx

But when I log into the ACE and do a show users I get:

*xxxckxxx    Dev_VC  pts/2   Apr 30 09:57 (x.x.x.x)  Network-Monitor default-domain

I have been searching for a couple of days to find a fix for this with no luck. Any help would be greatly appreciated.

Thanks.