

Privilege level to Cisco from TACACS

Posted on 2012-08-24
Medium Priority
Last Modified: 2013-06-25

We are using our users from AD to log into our Cisco ASA 5000-series firewalls.
But we want to be able to give different privilege levels to the users. We want some to have priv-level 15 with all access, and the rest with priv-level 5, who are only able to look around (Read Only).

The authentication we are using is TACACS+.
I've tried to use the "set priv-lvl = 5" but I can't get it to work.

Does anyone have any experience with this and know how I can accomplish this?
Question by:HFK-IKT

Expert Comment

ID: 38329038

Author Comment

ID: 38352270
Have seen this before, but we do not have the ACS. We are using free tac_plus on a Debian server.
When I create local users on the ASA and create the Monitor, Read only and Admin priv-levels, I can log into the ASA with ASDM and only see the monitor option when I'm in Monitor priv-level.
What I want is to accomplish this, only by using our users from AD.

Accepted Solution

HFK-IKT earned 0 total points
ID: 38353424
This was the thing I was looking for.
    group = Admin {
        default service = permit
        service = shell {
            default command = permit
            default attribute = permit
            # privilege level handed to the device for members of this group
            set priv-lvl = 15
        }
    }

And I just created another group in tac_plus.cfg and in AD for the priv level 5 group.

Author Closing Comment

ID: 38362945
Figured this out by myself.
I'd removed the "default"'s when I wanted to strip down to priv-lvl 5.
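
Added example, not part of the original thread: a small Python check that parses group blocks written in the tac_plus.cfg style shown above and lists every group below priv-lvl 15 that still carries a `default ... = permit` line, the lines the asker says they removed for the priv-lvl 5 group. The `ReadOnly` group name, the sample config and the function names are assumptions made for this example.

```python
import re

# Constructed sample in the tac_plus.cfg style shown in the thread.
# "ReadOnly" is a hypothetical name for the priv-lvl 5 group.
SAMPLE_CFG = """
group = Admin {
    default service = permit
    service = shell {
        default command = permit
        default attribute = permit
        set priv-lvl = 15
    }
}
group = ReadOnly {
    service = shell {
        default command = permit
        set priv-lvl = 5
    }
}
"""

GROUP_RE = re.compile(r"^\s*group\s*=\s*(\S+)\s*\{")
PRIV_RE = re.compile(r"^\s*set\s+priv-lvl\s*=\s*(\d+)")
DEFAULT_RE = re.compile(r"^\s*default\s+(\w+)\s*=\s*permit\b")


def parse_groups(cfg_text):
    """Map each top-level group to its priv-lvl and its 'default X = permit' lines."""
    groups, current, depth = {}, None, 0
    for line in cfg_text.splitlines():
        m = GROUP_RE.match(line)
        if m and depth == 0:
            current = groups.setdefault(m.group(1), {"priv_lvl": None, "defaults": []})
        elif current is not None:
            if p := PRIV_RE.match(line):
                current["priv_lvl"] = int(p.group(1))
            elif d := DEFAULT_RE.match(line):
                current["defaults"].append(d.group(1))
        depth += line.count("{") - line.count("}")  # track nesting to find group end
        if depth == 0:
            current = None
    return groups


def audit(cfg_text, admin_level=15):
    """Return (group, priv_lvl, defaults) for groups below admin_level with a default permit."""
    return [(name, g["priv_lvl"], g["defaults"])
            for name, g in parse_groups(cfg_text).items()
            if g["defaults"] and (g["priv_lvl"] is None or g["priv_lvl"] < admin_level)]
```

On the constructed sample, `audit(SAMPLE_CFG)` reports only the `ReadOnly` group, because its `default command = permit` line is still present alongside `set priv-lvl = 5`.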

Expert Comment

ID: 39276346
This is what I have been looking for as well. I'm using TACACS_plus.
