privilege problem in ACS

hacizeynal
Level 1

Hi dears,

I have set up a topology in which there is ACS 5.5 and Windows 2008; the server is not working yet. I have applied AAA methods to just R6 and R7, and both of them are asking for the username which I created internally inside ACS. But there is a small problem: I created user tahir, whose privilege is 15, and user zeynal, whose privilege is 1. When I telnet to the router and enter the username and password for zeynal, it gives this output.

 

R6>show privi

Current privilege level is 1

R6>en

Password:

R6#sho

R6#show pri

R6#show privi

R6#show privilege

Current privilege level is 15

 

Why does it turn to privilege 15??? I have only given the zeynal user privilege 1.

Can anyone please help me??

3 Replies

Ganesh Hariharan
VIP Alumni

Hi,

Without seeing the configuration it is hard to comment on anything, but have a look at the two links below, which specifically speak about ACS 5.5 and Cisco router authorisation configuration.

ACS 5.5 configuration and Authorization in cisco router

Hope it Helps..

-GI

Rate if it Helps


aaa new-model
aaa authentication login Zeynal group tacacs+ local enable
aaa authorization exec Zeynal group tacacs+ local
aaa authorization commands 2 default group tacacs+
aaa authorization commands 2 Zeynal group tacacs+
aaa authorization commands 15 default group tacacs+
aaa authorization commands 15 Zeynal group tacacs+

 


Hi,

Try replacing Zeynal with default, as authorisation is coming from Cisco ACS.

-GI
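
An added example, not posted by anyone in the thread: a small Python check run over the AAA lines quoted above. It assumes standard IOS behaviour that the thread does not state: with no `aaa authentication enable` method list, `enable` is checked against the router's own enable password and, given no level argument, requests level 15 whatever privilege ACS assigned at login. The function names are hypothetical.

```python
import re

# Constructed input: the AAA lines posted in the thread.
THREAD_CONFIG = """\
aaa new-model
aaa authentication login Zeynal group tacacs+ local enable
aaa authorization exec Zeynal group tacacs+ local
aaa authorization commands 2 default group tacacs+
aaa authorization commands 2 Zeynal group tacacs+
aaa authorization commands 15 default group tacacs+
aaa authorization commands 15 Zeynal group tacacs+
"""

AAA_LINE = re.compile(
    r"^aaa (authentication|authorization) "
    r"(login|enable|exec|commands \d+) (\S+) (.+)$")

def parse_method_lists(config):
    """Return {(kind, service): {list_name: [methods]}} for each aaa line."""
    lists = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if m:
            kind, service, name, methods = m.groups()
            lists.setdefault((kind, service), {})[name] = methods.split()
    return lists

def audit(config):
    """Return findings about how `enable` and named lists are handled."""
    lists = parse_method_lists(config)
    findings = []
    # Assumption (IOS behaviour, not from the thread): without a list such as
    # `aaa authentication enable default group tacacs+ enable`, the local
    # enable password alone decides who reaches level 15.
    if ("authentication", "enable") not in lists:
        findings.append("enable: no 'aaa authentication enable' list; "
                        "local enable password grants level 15")
    # A named list only applies to lines that reference it, so flag services
    # that have a named list but no default one (the reply's suggestion).
    for (kind, service), names in sorted(lists.items()):
        named = sorted(n for n in names if n != "default")
        if named and "default" not in names:
            findings.append(f"{kind} {service}: only named list(s) "
                            f"{', '.join(named)}; no default")
    return findings

if __name__ == "__main__":
    for finding in audit(THREAD_CONFIG):
        print(finding)
```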