If you have Cisco ACS server 2.x and 3.x, under any Group Properties/TACACS Settings, select Shell(exec) and put level 15 for "privilege levels".
First Case: "Shell/exec" dictates initial login level of access. The access level can be as high as 15, which means you login to the "enable privileged" prompt directly. "enable options" on ACS have no effect Second Case: Not using "Shell/Exec option", but using "enable options" in conjunction with device "enable" aaa authentication command: -- aaa authentication enable default tacacs+ enable Initially, you login to level 1 (basic user level). When you enter "enable" command, your password (checked against ACS servers) will determine your next level of access. This password is usually is your initial login password Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70837&t=70800 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]