I think its the default privillege for users. Try on the router 'aaa authorization exec <NAME> group tacacs' and on the vty line 'authorization exec <NAME>' it will tell the router to take the priv level from your tacas server
Sent from my iPhone On 21 במרס 2011, at 08:28, "kamran shakil" <[email protected]> wrote: > Dears, > A basic but important question regareding AAA test. > Hi all, > > In ACS i have a user kamran with same pass, and also with shell (checked) and > priv box(checked) = 15 . > > but when i test it from Router to ACS: in debug i see below. > > *Mar 1 00:15:13.735: AAA/MEMORY: create_user (0x64ADDF2C) user='kamran' > ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN > priv=1 initial_task_id='0', vrf= (id=0) > *Mar 1 00:15:13.735: TAC+: send AUTHEN/START packet ver=192 id=1843486933 > *Mar 1 00:15:13.951: TAC+: ver=192 id=1843486933 received AUTHEN status = > GETPASS > *Mar 1 00:15:13.955: TAC+: send AUTHEN/CONT packet id=1843486933 > *Mar 1 00:15:14.155: TAC+: ver=192 id=1843486933 received AUTHEN status = > PASS > R1# > *Mar 1 00:15:14.159: AAA/MEMORY: free_user (0x64ADDF2C) user='kamran' > ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 > vrf= (id=0) > > My question is wht it is LOGIN PRIV = 1 ?????? > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
