cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
816
Views
0
Helpful
6
Replies

TACACS Issue with IOS image 15.3

Inderjeet Singh
Level 1
Level 1

Dear all,

I am facing a Tacacs issue with 15.3 image on 1941 router..

Basically when we ordered new 1941, the default image we got was  c1900-universalk9-mz.SPA.153-1.T1.bin

Now we have two privilege levels configured for different users group on Tacacs.. Level 15 is system engineers and Level 7 for helpdesk engineers.

Below are the privilege 7 commands allowed on router..

privilege exec level 7 traceroute
privilege exec level 7 ping
privilege exec level 7 show startup-config
privilege exec level 7 show running-config
privilege exec level 7 show configuration
privilege exec level 1 show logging
privilege exec level 1 show

When the system engineer logs into router with Privilege 15, he doesn't get any issue in running any "show" command.. but when a helpdesk engineer logs in, he get below error while running "show" command.

civrixr01_new#sh config

Using 13253 out of 262136 bytes

%Error opening nvram:/startup-config (Permission denied)

When I changed the IOS to c1900-universalk9-mz.SPA.151-4.M7.bin(lower version) .. The error disappeared..

Any Idea if this can be an IOS bug or Tacacs server issue.

1 Accepted Solution

Accepted Solutions

pradeepser
Level 1
Level 1

Hi Inderjeet,

In that new IOS, configure the file system privilege level through config command "file privilege 7" and check.

Regards,

Kumar

View solution in original post

6 Replies 6

pradeepser
Level 1
Level 1

Hi Inderjeet,

In that new IOS, configure the file system privilege level through config command "file privilege 7" and check.

Regards,

Kumar

Hi Pradeep,

Thanks.. I will apply this, check and will confirm..

 

Thanks..

Inderjeet

Hello

 

when logged on as the desktop engineer

show privilege

 

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Here is the output of "show privilege" command

 

civrixr01_new#show privi

Current privilege level is 7

civrixr01_new#

Hello

 

looks like the desktop account as define access privileges hence the reason why they cannot perform the show run command

privilege exec level 7 show run

 

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Inderjeet Singh
Level 1
Level 1

Hi Pradeep,

Thanks.. its working..

Hi Paul,

Appreciate your help as well in sorting this out..

 

Thanks..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: