Hi all,

Please see the screenshots. The "user_jagvillanueva" file shows TACACS+ Accounting logs. The same user has privilege level 15 and sometimes 1. The problem is: where does that "privilege level 1" come from? This problem occurs for all users.

The user has privilege level 15 tied to its username (other attributes). My Access Policies also give the user a shell profile with default privilege level 15.

All devices have the same baseline config:

aaa new-model
aaa authentication login LAN group tacacs+ local
aaa authorization exec LAN group tacacs+ local if-authenticated
aaa authorization commands 7 LAN group tacacs+ local
aaa authorization commands 15 LAN group tacacs+ local
aaa accounting exec LAN start-stop group tacacs+
aaa accounting commands 7 LAN start-stop group tacacs+
aaa accounting commands 15 LAN start-stop group tacacs+
line vty 0 4
 access-class 20 in
 exec-timeout 5 0
 password 7 <removed>
 authorization commands 7 LAN
 authorization commands 15 LAN
 authorization exec LAN
 accounting commands 7 LAN
 accounting commands 15 LAN
 accounting exec LAN
 login authentication LAN
 transport input ssh

I have patched it with the latest. AAA works fine; users authenticate properly and are granted correct permissions. It's just that in the logs the displayed privilege level is incorrect.

Please see the other two screenshots. They show the details of one accounting log where the user entered the ping command: it displays priv level 1, but the attribute says priv level 15.

Many thanks in advance!