ACS 4.x How to make user fall directly to enable mode configuration example
From DocWiki
Revision as of 04:32, 20 August 2010
Introduction
This example shows how to make a user log in straight to enable mode (privilege level 15) on an IOS device.
IOS Configuration
To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.
Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated
This also configures a local account for access if the ACS server is not available.
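An added example, not part of the original DocWiki page: a small Python check that a saved running-config contains the AAA lines above, including the local fallback account defined with `secret` rather than `password`. The sample config is constructed, and the function name `audit_aaa` is an assumption of this example.

```python
import re

# Constructed sample running-config excerpt (address, user and encoded strings are made up).
SAMPLE_CONFIG = """\
aaa new-model
username admin privilege 15 password 7 0822455D0A16
tacacs-server host 192.0.2.10
tacacs-server key 7 094F471A1A0A
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
"""

def audit_aaa(config):
    """Return a list of findings; an empty list means the config matches the example."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    def has(pattern):
        return any(re.match(pattern, l) for l in lines)

    if not has(r"aaa new-model$"):
        findings.append("aaa new-model is missing")
    if not has(r"tacacs-server host \S+"):
        findings.append("no tacacs-server host configured")
    if not has(r"tacacs-server key \S+"):
        findings.append("no tacacs-server key configured")

    authn = [l for l in lines if l.startswith("aaa authentication login default ")]
    if not authn:
        findings.append("no default login authentication list")
    else:
        methods = authn[0].split()[4:]  # everything after "default"
        if methods[:2] != ["group", "tacacs+"]:
            findings.append("login default does not try TACACS+ first")
        if "local" not in methods:
            findings.append("login default has no local fallback")

    if not has(r"aaa authorization exec default group tacacs\+"):
        findings.append("exec authorization does not use TACACS+")

    # Local fallback account: level 15, stored with 'secret' (hashed),
    # not 'password' (type 7 encoding is reversible).
    users = [l for l in lines if re.match(r"username \S+ ", l)]
    if not any(re.search(r"\bprivilege 15\b", l) for l in users):
        findings.append("no local privilege 15 fallback account")
    for l in users:
        if re.search(r"\spassword\s", l):
            findings.append(f"user {l.split()[1]} uses 'password' instead of 'secret'")
    return findings
```
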
ACS Configuration
To bring users or groups in at privilege level 15:
- Go to user or group setup in ACS
- Drop down to "TACACS+ Settings"
- Place a check in "Shell (Exec)"
- Place a check in "Privilege level" and enter "15" in the adjacent field
- Press "Submit" to save the changes
Now log in to the IOS device, and you will drop straight into enable mode.