TACACS authentication

Unanswered Question
Nov 16th, 2008

I have configured TACACS and I am able to log on to Cisco devices successfully using a TACACS user ID and password. I need to create another group and assign users to the new group just to run the SHOW RUNNING-CONFIG command only.

Any idea?


Regards

cisco24x7 Sun, 11/16/2008 - 06:21

You need authorization for that. In freeware TACACS, you need something like this:


user = adv {
    member = advanced
    name = "Advanced User"
    # login = des DJVS9kfrcLbus
}

user = $adv$ {
    member = advanced
    name = "Advanced User"
    # login = des W/3UA7J1cz3sQ
}

group = advanced {
    cmd = show { permit .* }
    cmd = copy { permit flash }
    cmd = copy { permit running }
    cmd = ping { permit .* }
    cmd = configure { permit .* }
    cmd = enable { permit .* }
    cmd = disable { permit .* }
    cmd = telnet { permit .* }
    cmd = disconnect { permit .* }
    cmd = where { permit .* }
    cmd = set { permit .* }
    cmd = clear { permit line }
    cmd = exit { permit .* }
}


Easy, right?
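To check a command-authorization group against the original requirement (only SHOW RUNNING-CONFIG), the following added example, which is not part of any post in this thread, parses stanzas in the `cmd = NAME { permit REGEX }` form used above and evaluates constructed sample commands against them. The group name `showrun`, the sample commands, and the matching model (first matching regex decides, anything unlisted is denied) are assumptions, not a reimplementation of the TACACS daemon.

```python
import re

# Constructed policy in the "cmd = NAME { permit|deny REGEX }" form used above;
# the group name "showrun" is hypothetical.
SHOWRUN_GROUP = """
group = showrun {
    cmd = show { permit ^running-config }
    cmd = exit { permit .* }
}
"""

# Subset of the "advanced" group posted in the answer, for comparison.
ADVANCED_GROUP = """
group = advanced {
    cmd = show { permit .* }
    cmd = copy { permit running }
    cmd = configure { permit .* }
    cmd = exit { permit .* }
}
"""

CMD_RE = re.compile(r"cmd\s*=\s*(\S+)\s*\{\s*(permit|deny)\s+(.+?)\s*\}")

def parse_group(text):
    """Return {command: [(action, compiled_regex), ...]} in file order."""
    rules = {}
    for name, action, pattern in CMD_RE.findall(text):
        rules.setdefault(name, []).append((action, re.compile(pattern)))
    return rules

def authorize(rules, line):
    """Assumed model: the first regex matching the arguments decides;
    an unlisted command, or no matching regex, is denied."""
    command, _, args = line.strip().partition(" ")
    for action, regex in rules.get(command, []):
        if regex.search(args):
            return action == "permit"
    return False

def audit(text, lines):
    rules = parse_group(text)
    return {line: authorize(rules, line) for line in lines}

# Constructed sample commands, written in fully expanded form.
SAMPLE = ["show running-config", "show version", "configure terminal",
          "copy running-config tftp:", "exit"]

if __name__ == "__main__":
    for label, text in (("showrun", SHOWRUN_GROUP), ("advanced", ADVANCED_GROUP)):
        for line, ok in audit(text, SAMPLE).items():
            print(f"{label:9} {'permit' if ok else 'deny':6} {line}")
```

Running an audit like this before deploying a group shows whether it grants more than the read-only access that was asked for.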

ahmad-sajjad Sun, 11/16/2008 - 06:27

Thanks for the reply. I am using Cisco ACS 4.2. Any other suggestion?


Regards


Sajjad
