
Cisco Secure ACS not using custom Authorization Policies

RJSmith92
Level 1

Hello All,

Currently working on my CCNA Security and I've been playing about with AAA and Cisco Secure ACS, but I'm having trouble getting users authorized using my ACS server.

I have enabled AAA, configured the TACACS+ server details and created custom Authentication and Authorization lists as follows:

aaa authentication login CustomLogin group tacacs+ local

aaa authorization exec CustomAuth group tacacs+ local

I have then applied them to the VTY lines.

Using ACS I have created two users and placed them in two separate Identity Groups, Admins and Monitors. I created a Device Type and placed my router in the group.

I have created two Authorization policies, the first referencing the Admins group and the Device Type, and created a custom shell profile with default privilege of 15 (just copying the example from the CCNA Security guide). I then did the same again for the Monitors group, but set the privilege level to 1.

When I go to test it by telnetting in, the authentication aspect works fine, and both users are able to get in. The problem is both users are placed in user mode...

When I look at ACS and the 'Hit Count' for both Authorization Profiles, they remain fixed at 0, whilst the 'default' profile at the bottom increases, telling me that my router isn't matching either of the profiles, but I'm not sure why...

I have had a mess about and double checked everything but can't figure out why authorization isn't working.

If anyone can offer any help it would be greatly appreciated, it's not a huge deal but it niggles not knowing why it doesn't work when I'm sure the answer will be something simple.

Thanks in advance.


Accepted Solutions

RJSmith92
Level 1

Never mind, tried it again for the first time since I posted and it's suddenly working.

The magic of rebooting...
