10-26-2007 10:20 AM - edited 03-10-2019 03:28 PM
On our current config we have this...
Aaa new-model
Aaa authentication login default group tacacs+ local
Aaa authorization config-commands
Aaa authorization exec default group tacacs+ local
Aaa authorization commands 15 default group tacacs+ if-authenticated
In tacacs we have each user in a group. Each group calls upon a command authorization set. In the command set we have denied enable, but we are still able to run enable. The other commands that we test work fine. Any suggestions? Are we able to deny enable at all?
Thank You,
Andrew
Solved! Go to Solution.
10-26-2007 10:25 AM
Hi Andrew,
Add the following commands on the device:
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
Rgds
somishra
10-26-2007 10:25 AM
Hi Andrew,
Add the following commands on the device:
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
Rgds
somishra
10-26-2007 10:41 AM
Thank You Very Much! I've been pulling my hair out over that for too long. lol
Have a good one.
-Andrew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide