Hi,
I am trying to creat user group who are assigned for restricted access only for ping <ip> repeat command and show interface <x/x> at the user exec prompt .
These users are not required to log with enable password to do this above task.
Can anyone help with group edit settings for authorization set . Most probably i hope command & arguments to be used .
My device (AAA client ) configuration is as follows:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
Appreciate your help !
regards,
Waruna