Telnet sessions default to user exec mode.

kjgorman
Level 1

I am doing an eval of 5.2, we currently have 4.2 running in our network.

I followed the user guide to set up a shell profile for privileged exec mode. Set both the default and maximum privilege to static 15. When I log in to a network device, I get the switch> user exec mode prompt. TACACS Authentication report shows this login as passed. When I attempt to enable with the same password I get Error in Authentication. The AAA Authentication report then shows "13029 Requested privilege level too high".

I am still using the same AAA Authentication configuration as was present on the switch and works for 4.2. When I telnet to this switch and it is pointed at the 4.2 ACS I am immediately dropped in privileged exec mode.

Any ideas?

aaa authentication login default group ACS local enable

aaa authentication enable default group ACS enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 1 default group ACS local

aaa authorization commands 15 default group ACS local

1 Reply

Nicolas Darchis
Cisco Employee

What if you don't assign the privilege level from ACS?

By typing enable, they will then be able to raise to level 15 anyway.

The command "aaa authorization exec" allows you to end up directly in enable mode, but you pointed it to a different AAA server group than the other commands. Is that normal?
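
The server-group mismatch raised in the reply can be checked mechanically. The following is an added example, not part of the original thread and not a Cisco tool: a Python script that parses the AAA lines posted in the question and reports which server group each method list references. The function names are hypothetical, and whether `tacacs+` and `ACS` resolve to the same server depends on configuration the post does not show.

```python
import re
from collections import Counter, defaultdict

# AAA lines copied from the question above.
POSTED_CONFIG = """\
aaa authentication login default group ACS local enable
aaa authentication enable default group ACS enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group ACS local
aaa authorization commands 15 default group ACS local
"""

# aaa <type> <service> [level] <list-name> <method> [<method> ...]
AAA_LINE = re.compile(
    r"^aaa\s+(authentication|authorization|accounting)\s+"
    r"(\S+)(?:\s+(\d+))?\s+(\S+)\s+(.+)$"
)


def server_group_usage(config):
    """Map each server group name to the method lists that reference it."""
    usage = defaultdict(list)
    for raw in config.splitlines():
        m = AAA_LINE.match(raw.strip())
        if not m:
            continue  # 'aaa authorization config-commands' has no method list
        kind, service, level, name, methods = m.groups()
        label = " ".join(p for p in (kind, service, level, name) if p)
        tokens = methods.split()
        for i, tok in enumerate(tokens[:-1]):
            if tok == "group":  # 'group <name>' selects a server group
                usage[tokens[i + 1]].append(label)
    return dict(usage)


def outlier_lists(config):
    """Method lists whose server group differs from the most-used group."""
    usage = server_group_usage(config)
    if len(usage) < 2:
        return []
    majority = Counter({g: len(l) for g, l in usage.items()}).most_common(1)[0][0]
    return sorted(l for g, lists in usage.items() if g != majority for l in lists)


if __name__ == "__main__":
    for group, lists in server_group_usage(POSTED_CONFIG).items():
        print(f"{group}: {lists}")
    print("differs from the rest:", outlier_lists(POSTED_CONFIG))
```

On the posted lines, the only method list that does not reference `ACS` is `authorization exec default`, which is the one that decides the privilege level assigned at login.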