I have been asked to set up an ID for our Tripwire application to access our network devices to check our configuration on a regular basis. I was told the ID needed "enable" AND the ability to do a 'show run'. I am trying to use ACS 4.2 by creating a group and placing a single user called TRIP in the group. I have tried assigning the group to any privilege other than 15, but none have enable privilege. In ACS Group configuration, I have it set to:
Shell Command Authorization Set
Per Group Command Authorization
Unmatched Cisco IOS commands = Deny
x Command = show
Arguments = permit run
Unlisted arguments = Deny
It's like setting up an ID for a new network administrator and restricting their access until they are ready. Has anyone done this before?
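Added example, not part of the post above: the IOS-side AAA configuration that makes the ACS 4.2 Shell Command Authorization Set described in the question actually take effect on the device. The server address 192.0.2.10 and the shared key are placeholders, and it assumes a standard IOS TACACS+ setup talking to that ACS.

```cisco
! Added example (not from the original post). IOS AAA configuration matching
! the ACS group setup above: TRIP is authenticated by ACS, reaches enable, and
! every privilege-15 command is checked against the group's command set.
! 192.0.2.10 and the key are placeholders.
aaa new-model
tacacs-server host 192.0.2.10 key ACS-SHARED-KEY-PLACEHOLDER
!
! Login and enable are both validated against ACS; the local database and the
! local enable secret are used only if no ACS server answers.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! EXEC authorization lets ACS push the session's privilege level.
! 'show running-config' is a privilege-15 command by default, which is why a
! group at any level below 15 never gets it: TRIP's group must be allowed
! level 15 in its ACS TACACS+ shell settings, and the command set below,
! not the level, is what limits the ID to 'show run'.
aaa authorization exec default group tacacs+ local
!
! Send every level-15 command to ACS for per-command authorization, so the
! set (Command = show, Arguments = permit run, Unlisted arguments = Deny,
! Unmatched commands = Deny) is enforced. Level-1 command authorization is
! deliberately not turned on here: the set as listed permits only 'show',
! so applying it to level 1 would deny 'enable' itself.
aaa authorization commands 15 default group tacacs+ local
!
! Command accounting gives an audit trail of what the monitoring ID runs.
aaa accounting commands 15 default start-stop group tacacs+
!
line vty 0 4
 transport input ssh
!
! To verify from the device side: log in as TRIP, run 'enable', then
! 'show privilege' (expect 15) and 'show run' (permitted); any other
! command, e.g. 'show version', should be rejected by ACS. 'debug aaa
! authorization' shows each command being sent to the server.
```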