Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
2
Replies

Different Permissions

Go to solution
networker99
Level 1
Level 1

‎08-19-2009 07:43 AM - edited ‎03-10-2019 04:39 PM

How can I set Cisco ACS to apply full level 15 access to a user when they connect to a switch, but read only access when they connect to a firewall?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Erick Delgado
Level 1
Level 1

‎08-19-2009 08:17 AM

Hi,

This can be done by using command shell authorization.

Please see documentation below.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

If you have any question do not hesitate to contact me.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Erick Delgado
Level 1
Level 1

‎08-19-2009 08:17 AM

Hi,

This can be done by using command shell authorization.

Please see documentation below.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

If you have any question do not hesitate to contact me.

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎08-19-2009 08:36 AM

You can set this by using command authorization.

ACS config:

==========

Create two NDG one for ASA client and one for switch client under network configuration.

Create two different command authorization set for

Switch = permit all

ASA = Deny all

and permit show only

Now, go the user account, scroll down to the Shell Command Authorization Set

Assign a Shell Command Authorization Set on a per Network Device Group Basis

Here you can map NDG with respective command authorization set.

On the ASA:

===========

aaa authorization command LOCAL \\In order to enable command authorization\\

On the switch

=============

aaa new-model

aaa authorization config-commands

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ loca

For more info, please refer this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#backinfo

Let me know if you face any issue.

Regards

JK

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents