ACS 4.2 - how to set up an ID for Tripwire

I have been asked to set up an ID for our Tripwire application to access our network devices to check our configuration on a regular basis. I was told the ID needed "enable" AND the ability to do a 'show run'. I am trying to use ACS 4.2 by creating a group and placing a single user called TRIP in the group. I have tried assigning the group to any privilege other than 15 but none have enable privilege. In ACS Group configuration, I have it set to:

Shell Command Authorization Set
   Per Group Command Authorization
      Unmatched Cisco IOS commands = Deny
      x Command = show
         Arguments = permit run
         Unlisted arguments = Deny

It's like setting up an ID for a new network administrator and restricting their access until they are ready.  Has anyone done this before?