Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1224
Views
10
Helpful
10
Replies

Getting starting with AAA

Go to solution
umamon
Level 1
Level 1

‎03-27-2008 10:17 AM - edited ‎03-10-2019 03:44 PM

Hi, I justed installed ACS 4.1 for Windows, I've added a user account and a router, my router can communicate with the ACS server, I can authenticate to the router, but my authentication will not take me into enable (or priviledge) mode. It takes me right to the user mode. From the server I tried granting priv 15 to my user group and also to me as a user still doesn't work. I have the basic configuration on the router

aaa new-model

aaa authentication login susd group tacacs+ local

tacacs-server host 10.x.x.x

tacacs-server directed-request

tacacs-server key xxxx

Can someone help a rookie out.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎03-27-2008 11:51 AM

Try this:

ROUTER#config t

Enter configuration commands, one per line. End with CNTL/Z.

ROUTER(config)#line vty 0 4

ROUTER(config-line)#privilege level 15

ROUTER(config-line)#end

ROUTER#

HTH

View solution in original post

0 Helpful

Go to solution
john.dowson
Level 1
Level 1
In response to umamon

‎04-11-2008 07:09 AM

Ah I guess you're using a named authorization method rather than the default one which is why it need applying to the VTY lines. The default method would apply to all lines where not already configured.

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎03-27-2008 11:51 AM

Try this:

ROUTER#config t

Enter configuration commands, one per line. End with CNTL/Z.

ROUTER(config)#line vty 0 4

ROUTER(config-line)#privilege level 15

ROUTER(config-line)#end

ROUTER#

HTH

0 Helpful

Go to solution
umamon
Level 1
Level 1
In response to Collin Clark

‎03-27-2008 01:14 PM

Hi HTH,

Thanks that worked!

0 Helpful

Go to solution
john.dowson
Level 1
Level 1

‎04-05-2008 07:20 AM

You can also achieve this using TACACS authorization. Enter the following command in global configuration mode:

aaa authorization exec default group tacacs+ local

This will enable the router to put you into your assigned privileged mode as configured on the ACS.

Go to solution
umamon
Level 1
Level 1
In response to john.dowson

‎04-10-2008 09:01 AM

I think this is actually the way I wanna go, so I can take advantage of aaa logging.

If I use this authorization command should I remove the privilege login from my VTY lines?

0 Helpful

Go to solution
john.dowson
Level 1
Level 1
In response to umamon

‎04-10-2008 02:26 PM

Yes, you don't need the privilege level set on the VTY lines when using the authorization method.

John

Go to solution
umamon
Level 1
Level 1
In response to john.dowson

‎04-10-2008 02:57 PM

Thanks John,

That gave me exactly what i was looking for. I also had to place the authorization command on the line.

0 Helpful

Go to solution
john.dowson
Level 1
Level 1
In response to umamon

‎04-11-2008 07:09 AM

Ah I guess you're using a named authorization method rather than the default one which is why it need applying to the VTY lines. The default method would apply to all lines where not already configured.

0 Helpful

Go to solution
umamon
Level 1
Level 1
In response to john.dowson

‎04-11-2008 08:19 AM

John,

Do you think that the default method is the better way to go? I guess it would since I don't have to configure the lines.

0 Helpful

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to umamon

‎04-11-2008 01:10 PM

Default is a good option to use if you are not using any method-list.

Default key word cover all interfaces accept serial.

Regards,

~JG

0 Helpful

Go to solution
umamon
Level 1
Level 1
In response to Jagdeep Gambhir

‎04-11-2008 09:49 PM

Thanks John, You've been a big help.

0 Helpful
Customers Also Viewed These Support Documents