Command Authorization

Answered Question
Jun 2nd, 2008

I have ACS solution engine, I have applied a command authorization set on user, below mention is command authorization set

show command

permit version

permit aaa

permit config

permit interface

permit xlate

permit nat

permit global

permit access-list

permit route

permit ip route

permit vlan brief

permit ping

Clear command

permit version

permit aaa

permit config

permit interface

permit xlate

permit nat

permit global

permit access-list

permit route

permit ip route

permit vlan brief

enable command

permit ping

now problem is that user is able to login successfully, and goes to enable mode, but from neither mode he is able to ping the network.

though i have allowed the ping command, but user getting error

ping 172.28.95.2

Command authorization failed

I want to allow the user to ping anywhere in the network.

Please tell me how to do that.

I have this problem too.
0 votes
Correct Answer by Jagdeep Gambhir about 8 years 6 months ago

It should be

configure----> on the left box

permit terminal ---> on the right box.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
wasiimcisco Mon, 06/02/2008 - 08:41

It was not working as mentioned in the attachement, I changed it to to different way as shown in the snapshot, it is working now.

Please tell me one more thing, if i want user to even allow configure terminal, how to do that, i tried as mentioned in the snapshot but not working, I want user to go into configure terminal but i will only allow the commands that i mentioned in the show command set.

Please tell me how to do that.

Correct Answer
Jagdeep Gambhir Mon, 06/02/2008 - 09:00

It should be

configure----> on the left box

permit terminal ---> on the right box.

Actions

This Discussion