Cisco Cisco Packet Data Gateway (PDG)
System Settings
Configuring TACACS+ for System Administrative Users ▀
ASR 5000 System Administration Guide, StarOS Release 18 ▄
69
Important:
TACACS+ privilege levels are stored as Attribute Value Pairs (AVPs) in the network’s TACACS+
server database. Users are restricted to the set of commands associated with their privilege level. A mapping of
TACACS+ privilege levels to ASR 5000 CLI administrative roles and responsibilities is provided in the table below.
TACACS+ privilege levels to ASR 5000 CLI administrative roles and responsibilities is provided in the table below.
Table 4. Default Mapping of TACACS+ Privilege Levels to CLI Administrative Roles
TACACS+ Privilege Level
CLI Administrative Access Privileges
CLI
FTP
ECS-EMS
Lawful Intercept
CLI Role
0
Yes
No
No
No
Inspector
1
Yes
No
Yes
No
Inspector
2
No
Yes
No
No
Inspector
3
Yes
Yes
No
No
Inspector
4
Yes
Yes
Yes
No
Inspector
5
Yes
No
No
No
Operator
6
Yes
No
Yes
No
Operator
7
No
Yes
No
No
Operator
8
Yes
Yes
No
No
Operator
9
Yes
Yes
Yes
No
Operator
10
Yes
No
No
No
Administrator
11
Yes
No
Yes
No
Administrator
12
No
Yes
No
No
Administrator
13
Yes
Yes
No
Yes
Administrator
14
Yes
Yes
Yes
No
Administrator
15
Yes
Yes
Yes
Yes
Administrator
Important:
TACACS+ priv-levels can be reconfigured from their default StarOS authorization values via the
TACACS+ Configuration mode priv-lvl and user-id commands. For additional information, see the TACACS+
Configuration Mode Commands chapter of the Command Line Interface Reference.
Configuration Mode Commands chapter of the Command Line Interface Reference.