ACS 4.x: How to make a user fall directly to enable mode (configuration example)

From DocWiki

(Difference between revisions)
m (ACS configuration: Minor corrections for grammar, wording, spelling, formatting)
(Re-formatted, added summary. Changed command order, made "secret" instead of "password")
Line 4: Line 4:
==IOS Configuration==
==IOS Configuration==
-
Router(config)# username [username] password [password]
+
To enable TACACS+ based authentication and authorization, enter these commands on any IOS device.  The TACACS+ key should match the key configured for the device on the ACS server.
-
tacacs-server host [ip]
+
Router(config)# aaa new-model
 +
Router(config)# username [''username''] privilege 15 secret [''password'']
 +
Router(config)# tacacs-server host [''ACS IP'']
 +
Router(config)# tacacs-server key [''key'']
 +
Router(config)# aaa authentication login default group tacacs+ local
 +
Router(config)# aaa authorization exec default group tacacs+ if-authenticated
-
tacacs-server key [key]
+
This also configures a local account for access if the ACS server is not available.
-
 
+
-
aaa new-model
+
-
 
+
-
aaa authentication login default group tacacs+ local
+
-
 
+
-
aaa authorization exec default group tacacs+ if-authenticated
+
==ACS Configuration==
==ACS Configuration==
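Review bot: the new command order enters "aaa new-model" before the "username ... privilege 15 secret" line, so the local fallback account does not yet exist at the moment AAA is switched on; the previous revision created the user first. A remote session that drops between those two commands may have no local account to log in with, so consider moving the username line back to the top and adding a sentence telling the reader to keep the current session open until a new login has been tested. The added summary sentence could also state that the fallback account is created at privilege level 15, since that is not obvious from "a local account for access".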

Revision as of 04:31, 20 August 2010

Introduction

How to make a user log in straight to enable mode on an IOS device.


IOS Configuration

To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.

Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated

This also configures a local account for access if the ACS server is not available.
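
An added example, not part of the original wiki page or of Cisco's documentation: a small Python audit that checks a saved configuration for the six commands above and reports deviations such as a missing local fallback or a credential stored with "password". The function name, sample values and finding texts are assumptions, and it matches only the command syntax shown on this page.

```python
# Constructed sample: the page's six commands with placeholder values filled in.
SAMPLE = """\
aaa new-model
username fallback privilege 15 secret 5 $1$constructed$placeholderhash
tacacs-server host 192.0.2.10
tacacs-server key 7 0000CONSTRUCTED
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
"""

def audit_aaa(config):
    """Return findings for a config text; an empty list means it matches the page's setup."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    def first(prefix):
        return next((ln for ln in lines if ln.startswith(prefix)), None)

    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    for cmd in ("tacacs-server host", "tacacs-server key"):
        if first(cmd + " ") is None:
            findings.append(cmd + " missing")

    login = first("aaa authentication login default ")
    methods = login.split()[4:] if login else []
    if "tacacs+" not in methods:
        findings.append("login default list does not use group tacacs+")
    if "local" not in methods:
        findings.append("login default list has no local fallback")
    exec_authz = first("aaa authorization exec default ")
    if exec_authz is None or "tacacs+" not in exec_authz.split():
        findings.append("exec authorization does not use group tacacs+")

    users = [ln.split() for ln in lines if ln.startswith("username ")]
    if "local" in methods and not users:
        findings.append("local fallback listed but no local username exists")
    for toks in users:
        # The credential keyword is the first 'password'/'secret' after the name.
        kw = next((t for t in toks[2:] if t in ("password", "secret")), None)
        if kw != "secret":
            findings.append("user %s: credential not stored with 'secret'" % toks[1])
        if " privilege 15 " not in " " + " ".join(toks) + " ":
            findings.append("user %s: not privilege 15 as on this page" % toks[1])
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE) or ["no findings"]:
        print(finding)
```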

ACS Configuration

To bring users or groups in at privilege level 15:

  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field

Now log in to the IOS device, and you will fall straight into enable mode.
