cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1023
Views
0
Helpful
5
Replies

AAA with CatOS and ACS (shell command autorization set)

rdubo
Level 1
Level 1

Hi,

I have an ACS that authenticates and authorizes IOS devices.

I use "shell command autorization set" to authorize some commands for some groups.

Is it possible to do so with CatOS?

For example, I'd like that the groupe FULL can access all command and the group LOW can onmy access "sho" commands?

Regards,

ROMS

5 Replies 5

Jagdeep Gambhir
Level 10
Level 10

Roms,

Concept remains the same for IOS and CAT OS. You need to define command author set for cat os.

Regards,

~JG

Hi,

Ok, and what should be the configuraio of the switches. I see there is few available command for CatOS...

Regards

Hi,

The following command is reqd to enable command authorization on set-based switch:

set authorization commands enable [config | all] tacacs+ [deny | none] [console | telnet | both]

tnx

somishra

Console> (enable) set tacacs server [IP] [primary]

set tacacs key [key]

set tacacs attempts [number] (optional)

set localuser user [user] password [password] privilege 15

set authentication login local enable

set authentication login tacacs enable [all | console | http | telnet] [primary]

set authorization exec enable tacacs+ [deny | none] [console | telnet | both]

set authorization commands enable [config | all] tacacs+ [deny | none] [console |telnet | both]

regards,

~JG

Here is the sample screen shot. Also note that CAT OS do not support local AAA fallback until version 7.5 when the 'set localuser' command was introduced.

Regards,

~JG

Do rate helpful posts

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: