acs 4.1 authorization for level 15 !!

Unanswered Question
Apr 15th, 2009

hi all, i am currently using acs 3.3 (windows) but i am not able to restrict users assigned to level 15 from issuing certain commands. Someone told me this is possible in acs4.1 so do i have to configure normal authorization on acs 4.1 and it will be applied to level 15 or do i need to do some special config on acs/router ?

Kindly guide me

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
amritpatek Tue, 04/21/2009 - 15:22

In addition to your preset configuration, these commands are required on an IOS router or switch in order to implement command authorization through an ACS server:

aaa new-model

aaa authorization config-commands

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

tacacs-server host A.B.C.D

tacacs-server key cisco123

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#backinfo

Actions

This Discussion