
How can I use effectively the "ENABLE OPTIONS"

jkunzbva8
Level 1

Hi

I am setting up a Cisco ACS appliance 113 Server (4.0).

GROUPS DEFINED

==============

Group 1 : admincentral

Group 2 : limited admin

Group 3 : education

Network device groups NDGs Defined

==================================

Switch

Router

WLAN

AAA CONFIG IN CLIENT

===================

aaa authentication login CONSOLE group tacacs+ local-case enable

aaa authentication login VTY group tacacs+ local-case enable

aaa authentication login TACACS group tacacs+ enable

aaa authentication enable default enable

aaa authorization exec default group

tacacs+ group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

tacacs-server host a.b.c.d key xxx

tacacs-server directed-request

ACHIEVEMENT SO FAR

=================

Whenever I log in to the device, it directly takes me into the privilege level e.g. level 15 for superuser for example instead of asking for enable password.

PROBLEM

=======

How can I use effectively the "ENABLE OPTIONS", it has three options

1) No enable privileges

2) Max privilege level for any AAA client

3) Define MAX Privilege on a per NDG basis

But the pity is I am not able to use it effectively, can you help me?

Currently what I do is, I go to the "TACACS+ SETTINGS" section and then CHECK the Shell (exec) and Privilege level check box with a number, let's say 15 or 10 or 4.

Believe me nothing works unless I check the PRIVILEGE LEVEL CHECK BOX and fill the number, whatever level I set there, it becomes applicable for all the users for all the devices and that is very strange, can you help me?

Thanks and regards

1 Reply

mchin345
Level 6

Perform this procedure to configure group-level TACACS+ enabling parameters. The three possible TACACS+ enable options are:

• No Enable Privilege - (default) Disallows enable privileges for this user group.

• Max Privilege for Any AAA Client - Selects the maximum privilege level for this user group for any AAA client on which this group is authorized.

• Define max Privilege on a per-network device group basis - Defines maximum privilege levels for an NDG. To use this option, you create a list of device groups and corresponding maximum privilege levels. See your AAA client documentation for information about privilege levels.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/g.html#wp540570
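
An added example, not part of either post above: a sketch of the client-side change that lets the group-level Enable Options take effect, since the device only consults the TACACS+ server at `enable` time when enable authentication points at TACACS+. It assumes the shell privilege level returned at login is lower than the level the user later requests with `enable`, and that the user has a TACACS+ enable password defined in ACS; `a.b.c.d` and `xxx` are the placeholders from the question.

```ios
! Constructed example, reusing the placeholders from the question.
!
! As posted in the question: enable is checked against the local enable
! secret only, so the server is never asked and the group's Enable Options
! (none / max for any AAA client / max per NDG) are never evaluated.
!   aaa authentication enable default enable
!
! Changed: ask TACACS+ first when a user types "enable"; fall back to the
! local enable secret only if the TACACS+ server is unreachable.
aaa new-model
aaa authentication enable default group tacacs+ enable
!
! Login and exec authorization as in the question. With exec authorization
! the server's Shell (exec) privilege level attribute decides where the
! session starts; if it is 15 the user never needs "enable" at all.
aaa authentication login VTY group tacacs+ local-case enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
!
tacacs-server host a.b.c.d key xxx
!
line vty 0 4
 login authentication VTY
!
! Check from a test session (assumed group settings: start at level 1,
! Enable Options maximum of 10 for this device's NDG):
!   show privilege     -> current level after login
!   enable 10          -> should succeed with the TACACS+ enable password
!   enable 15          -> should be refused for this group
```

Keep a local enable secret configured and a console session open while testing, so a mistake in the method list does not lock out privileged access.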
