ACS 4.x How to make user fall directy to enable mode configuration example

From DocWiki

Revision as of 04:32, 20 August 2010 by Mikecrowe4ics (Talk | contribs)
Jump to: navigation, search

Introduction

How to make user login straight to enable mode on IOS device


IOS Configuration

To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.

Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated

This also configures a local account for access if the ACS server is not available.

ACS Configuration

To bring users or groups in at privilege level 15:

  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field
  5. Press "Submit" to save the changes

Now login to the IOS device, and you will fall straight to enable mode

Rating: 4.3/5 (9 votes cast)

Personal tools