TACACS authentication

Unanswered Question
Nov 16th, 2008

I have configured TACACS and I am able to log on to Cisco devices successfully using a TACACS user ID and password. I need to create another group and assign users to the new group just to run the SHOW RUNNING-CONFIG command only.

Any idea?

Regards

cisco24x7 Sun, 11/16/2008 - 06:21

You need authorization for that. In freeware TACACS, you need something like this:

user = adv {
    member = advanced
    name = "Advanced User"
    # login = des DJVS9kfrcLbus
}

user = $adv$ {
    member = advanced
    name = "Advanced User"
    # login = des W/3UA7J1cz3sQ
}

group = advanced {
    cmd = show { permit .* }
    cmd = copy { permit flash }
    cmd = copy { permit running }
    cmd = ping { permit .* }
    cmd = configure { permit .* }
    cmd = enable { permit .* }
    cmd = disable { permit .* }
    cmd = telnet { permit .* }
    cmd = disconnect { permit .* }
    cmd = where { permit .* }
    cmd = set { permit .* }
    cmd = clear { permit line }
    cmd = exit { permit .* }
}

Easy, right?
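An added example, not part of the original reply: the same freeware tac_plus syntax narrowed to what the question asks for, a group whose members can run only show running-config. The group name `showrun`, the user `auditor1` and the login placeholder are hypothetical, and the fragment assumes the device is already configured to send command authorization requests to the TACACS+ server.

```conf
# Added example for the freeware tac_plus daemon.
# Group and user names are hypothetical, not taken from the thread.

group = showrun {
    # Start the exec session at level 15 so the device displays the full
    # configuration. What the user can actually run is still decided by
    # the cmd rules below.
    service = exec {
        priv-lvl = 15
    }

    # The device expands abbreviations before asking the server, so
    # "sh run" arrives as cmd=show with arguments beginning
    # "running-config". Every other "show ..." is refused.
    cmd = show {
        permit "^running-config"
        deny ".*"
    }

    # Let the user close the session.
    cmd = exit { permit .* }
    cmd = logout { permit .* }

    # No other cmd blocks: a command with no matching cmd entry is
    # denied, so configure, copy, enable, telnet and the rest are refused.
}

user = auditor1 {
    member = showrun
    name = "Config Viewer"
    # login = <password method and value for this user>
}
```

Because each `cmd` block is evaluated top to bottom and stops at the first match, the `permit` line has to come before the catch-all `deny`.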

ahmad-sajjad Sun, 11/16/2008 - 06:27

Thanks for the reply. I am using Cisco ACS 4.2. Any other suggestion?

Regards

Sajjad
