ACS 4.x How to make user fall directly to enable mode configuration example

From DocWiki

(Difference between revisions)
(New page: {{Template:Required Metadata}} ==Introduction== <!--How to make user login straight to enable mode on IOS device--> ==Configuration== <!--Router(config)# username [username] password ...)
 
(5 intermediate revisions not shown)
Line 1: Line 1:
-
{{Template:Required Metadata}}
 
-
 
==Introduction==
==Introduction==
-
 
+
How to make user login straight to enable mode on IOS device
-
<!--How to make user login straight to enable mode on IOS device-->
+
-
==Configuration==
+
==IOS Configuration==
 +
To enable TACACS+ based authentication and authorization, enter these commands on any IOS device.  The TACACS+ key should match the key configured for the device on the ACS server.
-
<!--Router(config)# username [username] password [password]
+
Router(config)# aaa new-model
-
tacacs-server host [ip]
+
Router(config)# username [''username''] privilege 15 secret [''password'']
-
tacacs-server key [key]
+
Router(config)# tacacs-server host [''ACS IP'']
-
aaa new-model
+
Router(config)# tacacs-server key [''key'']
-
aaa authentication login default group tacacs+ local
+
Router(config)# aaa authentication login default group tacacs+ local
-
aaa authorization exec default group tacacs+ if-authenticated-->
+
Router(config)# aaa authorization exec default group tacacs+ if-authenticated
-
==ACS cofiguration==
+
This also configures a local account for access if the ACS server is not available.
-
Bring users/groups in at level 15
+
-
1. Go to user or group setup in ACS
+
-
2.  Drop down to "TACACS+ Settings"
+
-
3.  Place a check in "Shell (Exec)"
+
-
4.  Place a check in "Privilege level" and enter "15" in the adjacent field
+
 +
==ACS Configuration==
-
<!--Now login to IOS device, you will fall straight to enable mode >
+
To bring users or groups in at privilege level 15:
 +
# Go to user or group setup in ACS
 +
# Drop down to "TACACS+ Settings"
 +
# Place a check in "Shell (Exec)"
 +
# Place a check in "Privilege level" and enter "15" in the adjacent field
 +
# Press "Submit" to save the changes
-
=
+
Now login to the IOS device, and you will fall straight to enable mode
 +
[[Category:IOS Software and NX-OS Software Configuration Examples]]
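Review bot: the added sentence "This also configures a local account for access if the ACS server is not available" follows six commands without saying which of them it refers to. Suggest naming the `username [username] privilege 15 secret [password]` line as the one that creates the account and the trailing `local` on the `aaa authentication login default` line as the one that uses it. In the sentence before the commands, "should match" would be clearer as "must match", since the key is a shared secret between the device and ACS.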

Latest revision as of 21:37, 18 November 2011

Introduction

This example shows how to make a user log in straight to enable mode on an IOS device.


IOS Configuration

To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.

Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated

This also configures a local account for access if the ACS server is not available.
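
As an added example (not part of the original page and not Cisco tooling), this Python script audits a saved running-config for the AAA lines listed above and flags any local user stored with `password` rather than `secret`. The sample config, usernames and addresses are constructed for illustration, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
aaa new-model
username netops privilege 15 secret 5 $1$EXAMPLE$constructedhashvalue
username legacy privilege 15 password 0 Example123
tacacs-server host 192.0.2.10
tacacs-server key 7 0000000000
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+
"""

# Lines the page's IOS configuration relies on, as anchored regexes.
REQUIRED = {
    "aaa new-model": r"^aaa new-model$",
    "tacacs-server host": r"^tacacs-server host \S+",
    "tacacs-server key": r"^tacacs-server key \S+",
    "login: tacacs+ then local":
        r"^aaa authentication login default group tacacs\+ local$",
    "exec authorization with if-authenticated":
        r"^aaa authorization exec default group tacacs\+ if-authenticated$",
}
USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (secret|password)\b")


def audit(config):
    """Return a list of findings; an empty list means the config matches."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [f"missing: {name}" for name, pat in REQUIRED.items()
                if not any(re.match(pat, ln) for ln in lines)]
    users = [m.groups() for ln in lines if (m := USER_RE.match(ln))]
    # The page creates its local fallback account at privilege 15; flag its absence.
    if not any(level == "15" for _, level, _ in users):
        findings.append("missing: local privilege 15 fallback user")
    # "password" keeps a cleartext or reversible credential; the page uses "secret".
    findings += [f"weak: user {name} uses 'password' instead of 'secret'"
                 for name, _, kind in users if kind == "password"]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
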

ACS Configuration

To bring users or groups in at privilege level 15:

  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field
  5. Press "Submit" to save the changes

Now log in to the IOS device, and you will fall straight to enable mode.
