ACS 4.x How to make user fall directly to enable mode configuration example

From DocWiki


Latest revision as of 21:37, 18 November 2011

Introduction

How to make a user log in straight to enable mode on an IOS device.


IOS Configuration

To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.

Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated

The username line and the "local" keyword in the login list also configure a local account for access if the ACS server is not available.
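
One way to check a saved running-config for the lines above, as an added example that is not part of the original DocWiki page. The function name audit, the two sample configs and the wording of the findings are assumptions constructed for illustration.

```python
import re

# Constructed sample configs (placeholder values, not from a real device).
GOOD = """\
aaa new-model
username admin privilege 15 secret 5 $1$EXAMPLE$placeholderhash
tacacs-server host 192.0.2.10
tacacs-server key 7 0000EXAMPLE
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
"""
BAD = """\
aaa new-model
username admin privilege 15 password 0 example-password
tacacs-server host 192.0.2.10
aaa authentication login default group tacacs+
"""

def audit(config):
    """Return a list of findings for the AAA lines this page configures."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    has = lambda pat: any(re.match(pat, l) for l in lines)
    findings = []
    if not has(r"aaa new-model$"):
        findings.append("aaa new-model missing")
    if not has(r"tacacs-server host \S+"):
        findings.append("no tacacs-server host")
    if not has(r"tacacs-server key \S+"):
        findings.append("no tacacs-server key")
    users = [l.split() for l in lines if l.startswith("username ")]
    if not users:
        findings.append("no local fallback account")
    for tokens in users:
        # The first 'secret' or 'password' keyword after the name decides the storage type.
        kw = next((t for t in tokens[2:] if t in ("secret", "password")), None)
        if kw == "password":
            findings.append(f"user {tokens[1]}: 'password' used instead of 'secret'")
    auth = [l.split() for l in lines if l.startswith("aaa authentication login default")]
    if not auth:
        findings.append("no default login authentication list")
    elif "local" not in auth[0]:
        findings.append("login list has no local fallback")
    if not has(r"aaa authorization exec default "):
        findings.append("aaa authorization exec default missing")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cfg) or "no findings")
```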

ACS Configuration

To bring users or groups in at privilege level 15:

  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field
  5. Press "Submit" to save the changes

Now log in to the IOS device, and you will fall straight to enable mode.
