Customization of AAA

Unanswered Question
Nov 10th, 2009

I need to know how to apply a custom config to allow a TACACS group to be able to access all commands from the CLI EXCEPT "configuration mode".

I have the groups defined in TACACS+ but need to write the config for the devices...

Richard Burts Tue, 11/10/2009 - 15:58

I believe that this kind of control over what commands can be executed and what cannot is generally done with command authorization sets in TACACS. Are you saying that you have configured command authorization sets for these users and want to configure it on the router? I would configure it something like this:

aaa authorization commands 15 default group tacacs+ if-authenticated
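
A fuller device-side configuration around the command in the reply above, as an added example that is not part of the original post or the poster's own configuration. It assumes classic IOS syntax, a placeholder server address and key, and that the TACACS+ server's command authorization set for the group permits all commands and denies `configure`.

```cisco
! Constructed example: 192.0.2.10 and <shared-secret> are placeholders.
aaa new-model
!
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Login is checked against TACACS+ first; the local user database is used
! only if no TACACS+ server answers.
aaa authentication login default group tacacs+ local
!
! Exec authorization lets the server return the privilege level for the shell.
aaa authorization exec default group tacacs+ if-authenticated
!
! Send every level 1 and level 15 command to the server for a permit/deny.
! "configure terminal" is a level 15 command, so the level 15 line is the one
! that lets the server's command set refuse it.
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
!
! Fallback behaviour: "if-authenticated" applies only when no TACACS+ server
! responds, and it then authorizes any logged-in user for every command,
! including "configure terminal". To fail closed instead, drop the fallback:
!   aaa authorization commands 15 default group tacacs+
! With no fallback, level 15 commands are refused while the servers are
! unreachable, so keep a tested out-of-band recovery path.
```

After applying it, `debug aaa authorization` on the device shows each command being sent to the server and the PASS or FAIL that comes back, which confirms that `configure terminal` is refused for the restricted group.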



