Техническая Инструкция для Cisco Cisco 5760 Wireless LAN Controller

 Click on "Users and Identity Stores", then select "Users".

Click "Create" and configure a few test users such as illustrated below.

You need to create 2 profiles for the 2 different types of access .Privilege 15 in the cisco tacacs
world means providing full access to the device without any restriction. Privilege 1 on the other
hand will allow you to login and execute only a limited amount of commands .Below is a short
description of the levels of access provided by cisco.

privilege level 1 = non-privileged (prompt is router>), the default level for logging in

privilege level 15 = privileged (prompt is router#), the level after going into enable mode

privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and
logout

On 5760, levels 2-14 are considered the same as level 1. They are given the same privilege as 1.
Do not configure tacacs privilege levels for certain commands on the 5760. UI access per
tabs is not supported in 5760. You can either have full access (priv15) or only access to the
Monitor tab (priv1). Also, users with privilege level 0 are not alowed to login.

Using the below print screen create that profile :

Click on "Policy Elements". Click on "Shell Profiles".

Create a new one.

Go in the "Common Tasks" tab and set the default and maximum privilege levels to 15.

Command sets are sets of commands used by all the tacacs devices.They can be used to restrict
the commands that a user is allowed to use if assigned that specific profile. Since on the 5760,