11-14-2007 01:26 PM - edited 03-10-2019 03:30 PM
Hi,
I have an ACS that authenticates and authorizes IOS devices.
I use "shell command autorization set" to authorize some commands for some groups.
Is it possible to do so with CatOS?
For example, I'd like that the groupe FULL can access all command and the group LOW can onmy access "sho" commands?
Regards,
ROMS
11-14-2007 02:32 PM
Roms,
Concept remains the same for IOS and CAT OS. You need to define command author set for cat os.
Regards,
~JG
11-15-2007 04:20 AM
Hi,
Ok, and what should be the configuraio of the switches. I see there is few available command for CatOS...
Regards
11-15-2007 04:58 AM
Hi,
The following command is reqd to enable command authorization on set-based switch:
set authorization commands enable [config | all] tacacs+ [deny | none] [console | telnet | both]
tnx
somishra
11-15-2007 06:02 AM
Console> (enable) set tacacs server [IP] [primary]
set tacacs key [key]
set tacacs attempts [number] (optional)
set localuser user [user] password [password] privilege 15
set authentication login local enable
set authentication login tacacs enable [all | console | http | telnet] [primary]
set authorization exec enable tacacs+ [deny | none] [console | telnet | both]
set authorization commands enable [config | all] tacacs+ [deny | none] [console |telnet | both]
regards,
~JG
11-15-2007 06:10 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide