I have ACS 4.1 for Windows!!
I am testing a Cisco 6513 for command authorization for a user.
The problem is that the switch is authorizing the commands which I have denied in ACS for that particular user.
I am attaching the screenshots.
Can anyone tell me what I am missing? Do I need to put some commands in the 6513 to enable command authorization in the ACS?
My Switch config for ACS is:
aaa group server tacacs+ name1
aaa authentication login default group name1 local
aaa authentication enable default group name1 enable
aaa authorization exec default group name1 if-authenticated
ip http authentication aaa
tacacs-server host ACSserver1
no tacacs-server directed-request
tacacs-server key xxxxx
You are missing these commands:
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization config-commands
Do rate helpful posts
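The gap discussed in this thread can be checked offline against saved configuration text. The following is an added example, not code from either poster or from Cisco; the function name, finding messages and the choice of levels 1 and 15 are assumptions taken from the lines quoted above, and it only checks that the lines are present and that any named server group is defined.

```python
import re

# Constructed input: the switch lines quoted in the question.
QUESTION_CONFIG = """\
aaa group server tacacs+ name1
aaa authentication login default group name1 local
aaa authentication enable default group name1 enable
aaa authorization exec default group name1 if-authenticated
ip http authentication aaa
tacacs-server host ACSserver1
no tacacs-server directed-request
tacacs-server key xxxxx
"""

# The three lines quoted in the answer.
ANSWER_LINES = """\
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization config-commands
"""

def audit_command_authorization(config, levels=(1, 15)):
    """List gaps in per-command authorization found in IOS-style config text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    groups = {"tacacs+", "radius"}  # built-in group names
    groups |= {m.group(1) for ln in lines
               if (m := re.match(r"aaa group server \S+ (\S+)$", ln))}
    methods = {}  # privilege level -> words of its default method list
    for ln in lines:
        m = re.match(r"aaa authorization commands (\d+) default (.+)$", ln)
        if m:
            methods[int(m.group(1))] = m.group(2).split()
    findings = []
    for level in levels:
        if level not in methods:
            findings.append(f"level {level}: no 'aaa authorization commands' method list")
            continue
        words = methods[level]
        for i, word in enumerate(words[:-1]):
            if word == "group" and words[i + 1] not in groups:
                findings.append(f"level {level}: server group '{words[i + 1]}' is not defined")
    if "aaa authorization config-commands" not in lines:
        findings.append("config-commands: 'aaa authorization config-commands' not present")
    return findings

if __name__ == "__main__":
    print("question:", audit_command_authorization(QUESTION_CONFIG))
    print("question + answer:", audit_command_authorization(QUESTION_CONFIG + ANSWER_LINES))
```

With only `aaa authorization exec` configured, as in the question, the audit reports both privilege levels and config-commands as uncovered; with the answer's lines appended it reports nothing.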