06-02-2008 05:48 AM - edited 03-10-2019 03:52 PM
I have ACS solution engine, I have applied a command authorization set on user, below mention is command authorization set
show command
permit version
permit aaa
permit config
permit interface
permit xlate
permit nat
permit global
permit access-list
permit route
permit ip route
permit vlan brief
permit ping
Clear command
permit version
permit aaa
permit config
permit interface
permit xlate
permit nat
permit global
permit access-list
permit route
permit ip route
permit vlan brief
enable command
permit ping
now problem is that user is able to login successfully, and goes to enable mode, but from neither mode he is able to ping the network.
though i have allowed the ping command, but user getting error
ping 172.28.95.2
Command authorization failed
I want to allow the user to ping anywhere in the network.
Please tell me how to do that.
Solved! Go to Solution.
06-02-2008 09:00 AM
It should be
configure----> on the left box
permit terminal ---> on the right box.
06-02-2008 05:58 AM
06-02-2008 08:41 AM
It was not working as mentioned in the attachement, I changed it to to different way as shown in the snapshot, it is working now.
Please tell me one more thing, if i want user to even allow configure terminal, how to do that, i tried as mentioned in the snapshot but not working, I want user to go into configure terminal but i will only allow the commands that i mentioned in the show command set.
Please tell me how to do that.
06-02-2008 09:00 AM
It should be
configure----> on the left box
permit terminal ---> on the right box.
06-02-2008 11:15 AM
Waseem, have a look at the following link:
The best option is to turn on the following debugs on the router and then enable the appropriate commands in ACS (as sometimes router is sending strange characters like
debug aaa authorization
debug tacacs
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: