AAA IOS HTTS Cmd Authorization

charlie-hall
Level 1

On my ACS SE 4.2 setup I have CMD Authorization set up and it works nicely. Service Desk type cmds: show, clear, telnet, traceroute, exit, and then another group with full access (all cmds permitted). Both user groups have Priv. Level = 15.

However, (there is always one) with SDM access via HTTPS it appears that all you need is Priv. Level 15 to run SDM and make any configuration changes.

With my current setup, a user in the NetDevOper group when Telnet'ed or SSH'ed has access to a few commands, i.e. clear crypto sessions.

If I change this group from Priv Level 15 to, say 14, then I will have to 'Demote' the Clear command to Priv Level 14 on each device so this group can do simple clear commands.

My other choice is to disable HTTP access altogether, which is what I am leaning towards.

Is there another option available?
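The two routes described in the post, as a constructed IOS configuration sketch added here for illustration (this is not Charlie's own config and not taken from ACS documentation; the TACACS+ server address, shared secret and the exact `clear crypto session` keyword form are assumptions):

```cisco
! --- Baseline: command authorization against ACS (TACACS+), all groups at priv 15 ---
! Assumed ACS address and key; substitute your own.
tacacs-server host 192.0.2.10 key ASSUMED_SHARED_SECRET
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Every level-15 command typed over Telnet/SSH is checked against the ACS command sets
! (show/clear/telnet/traceroute/exit for the Service Desk, everything for the admin group).
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
aaa accounting commands 15 default start-stop group tacacs+
! HTTP(S) logins use the same AAA login, so the ACS-assigned privilege level is what SDM sees.
ip http authentication aaa

! --- Option A: move the Service Desk group to priv 14 and demote the commands it needs ---
! SDM requires privilege 15, so a priv-14 user cannot open it; the price is that each
! command the group relies on must be re-parented at level 14 on every device.
privilege exec level 14 clear crypto session
aaa authorization commands 14 default group tacacs+ local
aaa accounting commands 14 default start-stop group tacacs+

! --- Option B: keep everyone at priv 15 and remove the SDM/HTTP(S) path altogether ---
! Command sets only gate the CLI; they do not gate changes made through SDM.
no ip http server
no ip http secure-server
```

Option A and Option B are alternatives, not meant to be applied together. The accounting lines are not required for either option; they are included so that the ACS logs show which commands each group actually ran, which is the usual way to verify that a demoted command is reachable from the lower level before rolling the change out fleet-wide.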

2 Replies

Jagdeep Gambhir
Level 10

Charlie,

In order to access SDM, we would always need privilege level 15.

Regards,

~JG

Hi JG,

Thanks for your reply.

Do you know if there is a way to limit user access via HTTP(S) (SDM) so my Service Desk can use it, but cannot make configuration changes?

It appears to me that the IOS code for HTTP(S) (SDM) access is only checking to see if the user has Priv Level = 15, and there are no other variables being checked.

If true, I will just disable HTTP(S) SDM access to the routers.

Thanks

Charlie