Beginner

ACS 5.5 - Issue where cannot login directly into Priv Exec

Hi, I have configured the ACS 5.5 following a number of documents, the last one being a support forum doc, "How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1", yet each time I log in to the Cisco device, it logs me directly into user exec mode and not priv exec.

I am sure I had it working earlier but it is no longer working. Any ideas anyone?

The Designer Shell profile has the following configured with the 2 privilege settings as 15.

Service selection rules:

The Device Authorisation Policy is as follows;

The Cisco AAA commands are:

aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ line enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

 

Participant

Hi Russel,

As this is the ACS in the backend, could you share the exported detailed PDF (magnifying glass and print to PDF on top left) of the TACACS+ authorization attempt on the ACS when you log in?

Regards

Ed

Beginner

Anyone find a fix for this?

Worked thanks

Enthusiast

For different IOS the commands are different, so please have a look at:

How to Assign Privilege Levels with TACACS+ and RADIUS:

http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html