Customization of AAA

Unanswered Question
Nov 10th, 2009

I need to know how to apply a custom config to allow a tacacs group to be able to access all commands from the cli EXCEPT "configuration mode".

I have the groups defined in tacacs+ but need to write the config for the devices...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Tue, 11/10/2009 - 15:58


I believe that this kind of control over what commands can be executed and what can not is generally done with command authorization sets in TACACS. Are you saying that you have configured command authorization sets for these users and want to configure it on the router? I would configure it something like this:

aaa authorization commands 15 default group tacacs+ if-authenticated




This Discussion