permitting specified commands only

Unanswered Question
Jan 4th, 2007
User Badges:

Hi,


We have TACACS enabled in our routers. I wanted to restrict user access to only particular commands. I am providing those commands below.


Router#term len 0

Router#sh clock

Router#sh ip int br

Router#sh env all

Router#sh int s0/0

Router#sh int s0/1

Router#ping 10.30.250.137

Router#conf t

Router(config)#int se0/0

Router(config-if)#no backup int br0/0

Router#exit

Router#isdn call int bri 0/0 22861600

Router#sh isdn a

Router#sh isdn status

Router(config)#int se0/0

Router(config-if)#backup int bri0/0

Router#sh int bri0/0

Router#sh run


Nothing more than these commands should be allowed for configuration. Can someone advice me for required configuration in Router as well as cisco ACS.



Regards

SKRAO



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kiran_8095 Thu, 01/04/2007 - 04:30
User Badges:

Hi Siva,


You will have to add these commands in Shared Profile Components-->shell command authorization sets. And then associate this to the user under user setup.

And ofcourse you have to enable command authorization in router pointing to the tacacs server.


Regards,

Kiran

Actions

This Discussion