Privilege level to Cisco from TACACS

Posted on 2012-08-24
Last Modified: 2013-06-25

We are using our users from AD to log into our Cisco ASA 5000-series firewalls.
But we want to be able to give different privilege levels to the users. We want some to have priv-level 15 with all access, and the rest with priv-level 5, who are only able to look around (Read Only).

The authentication we are using is TACACS+.
I've tried to use the "set priv-lvl = 5" but I can't get it to work.

Does anyone have any experience with this and know how I can accomplish this?
Question by:HFK-IKT
    LVL 18

    Expert Comment


    Author Comment

    Have seen this before, but we do not have the ACS. We are using free tac_plus on a debian server.
    When I create local users on the ASA and create the Monitor, Read only and Admin priv-levels, I can log into the ASA with ASDM and only see the monitor option when I'm in Monitor priv-level.
    What I want is to accomplish this, only by using our users from AD.

    Accepted Solution

    This was the thing I was looking for.
        group = Admin {
            default service = permit
            service = shell {
                default command = permit
                default attribute = permit
                # full-access group: privilege level 15
                set priv-lvl = 15
            }
        }

    And I just created another group in tac_plus.cfg and in AD for the priv level 5 group.

    Author Closing Comment

    Figured this out by myself.
    I'd removed the "default"'s when I wanted to strip down to priv-lvl 5
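
A small audit for the setup in this thread, as an added example (not code from the thread or from the tac_plus project): it parses `group` blocks in the syntax posted above and lists groups that set a priv-lvl below 15 but still carry the `default ... = permit` lines the author reports removing for the priv-lvl 5 group. The sample config and the group names `ReadOnly` and `Helpdesk` are constructed, and the parser assumes only the subset of tac_plus.cfg syntax shown here.

```python
import re

# Constructed sample in the thread's syntax; ReadOnly and Helpdesk are hypothetical names.
SAMPLE_CFG = """
group = Admin {
    default service = permit
    service = shell {
        default command = permit
        default attribute = permit
        set priv-lvl = 15
    }
}
group = ReadOnly {
    service = shell {
        set priv-lvl = 5
    }
}
group = Helpdesk {
    service = shell {
        default command = permit
        set priv-lvl = 5
    }
}
"""

def parse_groups(text):
    """Map group name -> {'priv_lvl': int or None, 'defaults': [names]}."""
    groups, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding space
        if m := re.match(r"group\s*=\s*(\S+)\s*\{$", line):
            current, depth = groups.setdefault(m.group(1), {"priv_lvl": None, "defaults": []}), 1
        elif current is None or not line:
            continue  # outside any group block, or an empty line
        elif line.endswith("{"):
            depth += 1  # nested block such as "service = shell {"
        elif line == "}":
            depth -= 1
            current = current if depth else None  # depth 0: left the group block
        elif m := re.match(r"default\s+(\w+)\s*=\s*permit$", line):
            current["defaults"].append(m.group(1))
        elif m := re.match(r"set\s+priv-lvl\s*=\s*(\d+)$", line):
            current["priv_lvl"] = int(m.group(1))
    return groups

def audit(groups, full_level=15):
    """Return (group, priv_lvl, defaults) for groups below full_level that keep a default permit."""
    return [(n, g["priv_lvl"], g["defaults"]) for n, g in groups.items()
            if g["priv_lvl"] is not None and g["priv_lvl"] < full_level and g["defaults"]]
```

Run `audit(parse_groups(open("tac_plus.cfg").read()))` against a copy of the real file; an empty list means no restricted group inherited a permissive default.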
    LVL 1

    Expert Comment

    This is what I have been looking for as well. I'm using TACACS_plus.
