02-04-2010 04:32 PM - edited 03-10-2019 04:56 PM
Hi,
I have the ACS SE 4.2, and 2950 edge switches.
I have set up two users, one admin and one test on the ACS.
I have applied the following configuration on my switch:
aaa authentication login default group tacacs+ local enable
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
The test user is in its own group, and I have applied a max privilege level of 15 to this group.
I have then set specific commands that the group is permitted to use, and denied to use.
However it doesn't seem to work correctly.
Can anyone see an error in how I've configured the switch?
I have attached screenshots of the user and group setup also.
Thanks!
02-04-2010 04:34 PM
02-05-2010 02:31 AM
This was how we configured the switches at my last place.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
HTH
Pete
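A side-by-side check of the two configurations posted above, as an added example that is not part of either post: it lists which privilege levels each one sends to TACACS+ for command authorization and command accounting on the default method list. The function names `summarize` and `only_in_second` are made up for this example; the config text is copied from the posts.

```python
import re

# Both configurations are copied verbatim from the two posts in this thread.
QUESTION_CFG = """\
aaa authentication login default group tacacs+ local enable
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
"""
REPLY_CFG = """\
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
"""
CMD_RE = re.compile(r"^aaa (authorization|accounting) commands (\d+) default (.+)$")

def summarize(cfg):
    """Map each service to {privilege level: method list} for the default list."""
    out = {"authorization": {}, "accounting": {}}
    for line in cfg.splitlines():
        m = CMD_RE.match(line.strip())
        if m:
            service, level, rest = m.groups()
            # Drop the accounting record type and the "group" keyword; keep methods.
            skip = ("start-stop", "stop-only", "group")
            out[service][int(level)] = [w for w in rest.split() if w not in skip]
    return out

def only_in_second(a, b):
    """Per service, the privilege levels configured in b but not in a."""
    sa, sb = summarize(a), summarize(b)
    return {svc: sorted(set(sb[svc]) - set(sa[svc])) for svc in sa}

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        print(name, summarize(cfg))
    print("only in reply:", only_in_second(QUESTION_CFG, REPLY_CFG))
```

Run against the two posts, it reports that the reply adds command authorization for level 1 and command accounting for levels 1 and 15, while the question's configuration covers levels 0 and 15 for authorization and has no command accounting.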