Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
0
Helpful
1
Replies

Assigning command to priv level

networker99
Level 1
Level 1

‎04-17-2009 06:29 AM - edited ‎03-10-2019 04:26 PM

TACACS is being used to provide access to the switches. We have set up an authorization set, but I want to know how to assign a specific command to an priv level. For instance we grant a vendor level 5 access, and want to assign the command "show interface" to priv level 5. Can this be set in TACACS or does it have to be on the switch itself?

Labels:
0 Helpful
1 Reply 1

Jagdeep Gambhir
Level 10
Level 10

‎04-17-2009 08:00 AM

Since you have tacacs then best option is to use command authorization.

Please see this link,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Trick here is to give all user prov lvl 15 and then apply command autho set.

Having Priv lvl 15 does not mean that user will be able to issue all commands. User will only be able to issue commands that you have listed.

Regards,

~JG

Please rate helpful posts

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents