ACS 4.2 - how to set up an ID for Tripwire

Unanswered Question
Sep 9th, 2010

I have been asked to set up an ID for our Tripwire application to access our network devices to check our configuration on a regular basis. I was told the ID needed "enable" AND the ability to do a 'show run'. I am trying to use ACS 4.2 by creating a group and placing a single user called TRIP in the group. I have tried assigning the group to any privilege other than 15, but none have enable privilege. In ACS Group configuration, I have it set to:

Shell Command Authorization Set

   Per Group Command Authorization 

Unmatched Cisco IOS commands = Deny  

x Command = show   

   Arguments = permit run 

Unlisted arguments = Deny

It's like setting up an ID for a new network administrator and restricting their access until they are ready.  Has anyone done this before?
