ACS 4.x: How to make a user fall directly to enable mode (configuration example)

Latest revision as of 21:37, 18 November 2011

Introduction

How to make a user log in straight to enable mode on an IOS device.


IOS Configuration

To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.

Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated

This also configures a local account (the username command, reached through the local keyword at the end of the login method list) for access if the ACS server is not available.
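
The check below is an added example, not part of the original wiki page or of any Cisco tooling: a small Python audit that reads an IOS configuration and reports where it departs from the commands listed above. The sample configuration, user name, address and hash are constructed placeholders, and the function name audit_aaa is hypothetical.

```python
import re

# Constructed sample: a running-config excerpt following the page's commands,
# with placeholder values (documentation IP address, made-up user and hash).
SAMPLE_CONFIG = """\
aaa new-model
username netadmin privilege 15 secret 5 $1$CONSTRUCTED$hash
tacacs-server host 192.0.2.10
tacacs-server key 7 0000CONSTRUCTED
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
"""

def audit_aaa(config: str) -> list[str]:
    """Return findings for an IOS config meant to follow the page's setup."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    def first(pattern):
        return next((m for ln in lines if (m := re.match(pattern, ln))), None)

    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: AAA is not enabled")
    if not first(r"tacacs-server host \S+"):
        findings.append("no tacacs-server host defined")
    if not first(r"tacacs-server key \S+"):
        findings.append("no tacacs-server key: it must match the key on the ACS server")

    login = first(r"aaa authentication login default (.+)")
    methods = login.group(1).split() if login else []
    if methods[:2] != ["group", "tacacs+"]:
        findings.append("default login list does not try TACACS+ first")
    if "local" not in methods[2:]:
        findings.append("no local fallback: no login when the ACS server is unavailable")

    if not first(r"aaa authorization exec default group tacacs\+"):
        findings.append("no exec authorization: the ACS privilege level is not applied")

    users = [m for ln in lines if (m := re.match(r"username (\S+) (.*)", ln))]
    if not users:
        findings.append("no local username for fallback access")
    for u in users:
        if re.search(r"\bpassword\b", u.group(2)):
            findings.append(f"user {u.group(1)}: 'password' is stored reversibly; use 'secret'")
        if "privilege 15" not in u.group(2):
            findings.append(f"user {u.group(1)}: not defined with privilege 15")
    return findings
```

Run audit_aaa over the output of show running-config saved to a file; an empty list means every command from this section is present in the expected form.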

ACS Configuration

To bring users or groups in at privilege level 15:

  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field
  5. Press "Submit" to save the changes

Now log in to the IOS device, and you will fall straight to enable mode.
