ACS 4.x How to make user fall directly to enable mode configuration example

From DocWiki

Revision as of 21:37, 18 November 2011 by Jkratky


How to make user login straight to enable mode on IOS device

IOS Configuration

To enable TACACS+ based authentication and authorization, enter these commands on any IOS device. The TACACS+ key should match the key configured for the device on the ACS server.

Router(config)# aaa new-model
Router(config)# username [username] privilege 15 secret [password]
Router(config)# tacacs-server host [ACS IP]
Router(config)# tacacs-server key [key]
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ if-authenticated

This also configures a local account for access if the ACS server is not available.
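A way to check a saved device configuration for the commands above, as an added example that is not part of the original page. The `audit` function, its check list and the sample values (user name, 192.0.2.10, key and hash strings) are constructed for illustration.

```python
import re

# Constructed sample: the page's six commands with placeholder values filled in
# (192.0.2.10 is a documentation address; user name, key and hash are made up).
SAMPLE_CONFIG = """\
aaa new-model
username admin privilege 15 secret 5 $1$constructed$hash
tacacs-server host 192.0.2.10
tacacs-server key 7 0000000000
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
"""

# (description, pattern) pairs, one per command shown on the page.
CHECKS = [
    ("aaa new-model", r"^aaa new-model$"),
    ("TACACS+ server host", r"^tacacs-server host \S+"),
    ("TACACS+ shared key", r"^tacacs-server key \S+"),
    # 'local' after 'group tacacs+' is what gives the fallback login.
    ("login authentication via TACACS+ with local fallback",
     r"^aaa authentication login default group tacacs\+ .*\blocal\b"),
    # The ACS "Shell (Exec)" privilege level is applied through exec authorization.
    ("exec authorization via TACACS+",
     r"^aaa authorization exec default group tacacs\+"),
    ("local privilege 15 user stored with 'secret'",
     r"^username \S+ privilege 15 secret "),
]


def audit(config):
    """Return the descriptions of the checks that the configuration fails."""
    lines = [line.strip() for line in config.splitlines()]
    return [
        description
        for description, pattern in CHECKS
        if not any(re.search(pattern, line) for line in lines)
    ]


if __name__ == "__main__":
    failed = audit(SAMPLE_CONFIG)
    print("all checks passed" if not failed else "missing: " + "; ".join(failed))
```

An empty list means every command from the page is present; each returned description names a command that is missing or differs from the form shown above.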

ACS Configuration

To bring users or groups in at privilege level 15:

  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field
  5. Press "Submit" to save the changes

Now log in to the IOS device, and you will fall straight into enable mode.
