Re: Privilege Level for Tacacs Account in Nexus 7000

qasey_shiz · ‎08-29-2013

Hi,

I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.

In n7k when I entered into "configure terminal" It won't allow me to access other commands.

How to login into level 15 privilege mode after authenticating from tacacs

(config)# show running-config tacacs+

tacacs-server key 7 "xxxxx"

tacacs-server host x.x.x.x key 7 "xxxx"

aaa group server tacacs+ TacServer

server x.x.x.x (same ip as tacacs-server host)

use-vrf management

source-interface Vlan2

(config)# show running-config aaa

aaa authentication login default group TacServer

aaa authentication login console local

aaa user default-role

Here below are the commands accessible in "Terminal" currently

(config)# ?

no Negate a command or set its defaults

username Configure user information.

end Go to exec mode

exit Exit from command interpreter

isb.n7k-dcn-agg-1-sw(config)#

jan.nielsen · ‎09-03-2013

I'm not 100% sure about ACS 4.2, as i have only tried this in ACS 5.x, but there you needed to send a shell profile back to the nexus, with this line for exec mode :

shell:roles="network-admin"

qasey_shiz · ‎09-03-2013

Hi Jan.nielsen

Issue is resolved but by another way.

I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command