Hi
I am setting up cisco ACS appliance 113 Server (4.0).
GROUPS DEFINED
==============
Group 1 : admincentral
Group 2 : limited admin
Group 3 : education
Network device groups NDGs Defined
==================================
Switch
Router
WLAN
AAA CONFIG IN CLIENT
===================
aaa authentication login CONSOLE group tacacs+ local-case enable
aaa authentication login VTY group tacacs+ local-case enable
aaa authentication login TACACS group tacacs+ enable
aaa authentication enable default enable
aaa authorization exec default group
tacacs+ group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
tacacs-server host a.b.c.d key xxx
tacacs-server directed-request
ACHIVEMENT SO FAR
=================
Whenver I login to the device, it directly takes me into the privilige
level e.g. level 15 for superuser for example instead of asking for
enable password.
PROBLEM
=======
How can I use effectively the "ENABLE OPTIONS", it has three options
1)No enable privileges
2) Max privilege level for any AAA client
3)Define MAX Privilege on a per NDG basis
But pitty is I am not able to use it effectively, can you help me ???
Currently what I do is , I goto "TACACS+ SETTINGS" section and then CHECK the Shell(exec) and Privilege leve check box with number lets say 15 or 10 or 4.
Believe me nothing works unless I check the PRIVILEGE LEVEL CHECK BOX
and fill the number, whatever level I set there, it becomes applicable
for all the users for all the devices and that is very strange can you
help me ?
Thanks and regards