ACS 4.x How to make user fall directy to enable mode configuration example
From DocWiki
(Difference between revisions)
(→ACS Configuration: Added step to save changes) |
|||
| Line 26: | Line 26: | ||
Now login to the IOS device, and you will fall straight to enable mode | Now login to the IOS device, and you will fall straight to enable mode | ||
| - | [[Category:Configuration Examples]] | + | [[Category:IOS Software and NX-OS Software Configuration Examples]] |
Latest revision as of 21:37, 18 November 2011
Introduction
How to make user login straight to enable mode on IOS device
IOS Configuration
To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.
Router(config)# aaa new-model Router(config)# username [username] privilege 15 secret [password] Router(config)# tacacs-server host [ACS IP] Router(config)# tacacs-server key [key] Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ if-authenticated
This also configures a local account for access if the ACS server is not available.
ACS Configuration
To bring users or groups in at privilege level 15:
- Go to user or group setup in ACS
- Drop down to "TACACS+ Settings"
- Place a check in "Shell (Exec)"
- Place a check in "Privilege level" and enter "15" in the adjacent field
- Press "Submit" to save the changes
Now login to the IOS device, and you will fall straight to enable mode
