This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I am facing issues when enabling tacacs authentication on my cisco switch, aaa login/password is working, aaa enable is not. Underneath details of my devices.
Cisco ACS 1121: version 5.1
Cisco Switch 3560: ios ver 15
I also attached here some documents for your review and comment (switch aaa configuration, debug aaa authentication, acs captured screen)
Hoping to receive an update and comment from you soon.
The problem lies in the shell profile being assigned in the authorization section of the ACS configuration.
Access Policies--> Default device admin (or a one you have created)--> Authorization--> look at the rule that matches.
The shell profile has to have maximum privilege set to 15 for this to work.
**Share your knowledge. It’s a way to achieve immortality.
Please Rate if helpful.
I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
Further there's also some discussion, seems related to this issue, but its using ACS version 4.2
Did you edit the service selection rules?
Labminutes has some really good videos for configuring ACS. It will walk you through exactly what you're trying to do.
please have a look on this docunment for Steps to configure Tacacs Authentication
Please find the link below step 3 and 4 may help you for solution.