Good afternoon, I have a strange issue. I'm configuring a Read-Only shell script to restrict showing of the configs. This seems to work fine on 35xx series switches but not on RTRs or IOS-based 65xx switches. The AAA settings are exactly the same with either device.
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default enable none
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
tacacs-server host x.x.x.x
tacacs-server key xxxxxx
tacacs-server directed-request
The same shell script is working fine on restricting config commands; I'm just having an issue in preventing show running-config or show startup-config.
My shell script is set up as follows.
Unmatched Commands = deny
show Permit Unmatched Args "checked"
show deny running-config
show deny startup-config
Or if I even went so far as to reverse it, where I define all the commands allowed, the same problem persists.
Any assistance would be helpful.
Thx
-Rich