AAA authorization show run in priv 7

schakra · ‎12-01-2006

Hi,Any one can help...

I have set up AAA on my network.

aaa authentication login default group tacacs+ group security local

aaa authorization exec default group tacacs+ group security local

aaa accounting exec default start-stop group tacacs+ group security

tacacs-server host x.x.x.x

tacacs-server directed-request

tacacs-server key 7 xyz

I want set prvilige on group basis.

I have created a group called test in ACS server and set comnand authorization on pergroup basis

& added show command with permit running-config as arguments.

My objective is give the user of test group priv level 7 but they can use show running-config.

Any help?

thanks in advance

dtripati · ‎12-01-2006

Hi,

If you want to set privilege on the basis of group setting then follow the following TAB::

Group>Edit Settings>

Then scroll down to Tacacs setting and set the desired privelege in privilege leve check box.

I hope this will fulfill your requirement.

Thanks

Deepak

schakra · ‎12-04-2006

Thanks for your reply.But I've already tried.If i give priv 7 he can't use show run. but i want to give hime sh run in priv 7

Thnx,

Sourav

jhillend · ‎12-05-2006

You also have to reset the priv level of show run on the device. In IOS it would look something like this:

privilege exec level 7 show running-config

You will need to check the proper documentation for your router, etc.

schakra · ‎12-05-2006

Hi,

Thanks for your reply.It's nearly the exact what I wanted.However show running-config only shows like these

7206a#sh run

Building configuration...

Current configuration : 53 bytes

!

boot-start-marker

boot-end-marker

!

end

However #Show config

shows the proper running-config

Thanks