Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 4.2

 

 

Hello..

 I am running ACS 4.2 and my network devices are getting access through it. I have a new user whom i want to give only read only access(including show configuration). So is there any changes which i need to do on ACS server to do so. I dont want to do any changes on network devices like(privilege exec level 7 show running-config or privilege exec level 7 show configuration).

Could any one pls tell me is this possible only doing changes on ACS server.

3 REPLIES
Cisco Employee

Configuration that need to be

Configuration that need to be performed on ACS 4.2
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99361-acs-shell-auth.html#scenario2


Configuration you should have on IOS device.
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99361-acs-shell-auth.html#rou

Please understand concept of command authorization before you implement changes.

 

Regards,

Jatin Katyal

** Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

  Hi Jatin.. I have below IOS

 

 

Hi Jatin..

 I have below IOS config and  settings on ACS. I want new user to give all show access including show configuration but doesnt want him to excecute configure terminal. I tried for this but still not able to achieve this, pls suggest where i am doing wrong.

----------------------------------------------------

aaa new-model

aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host x.x.x.x

tacacs-server key y.y.y.y

------------------------------------------------------------------------------------

 

Silver

wel you have no option except

wel you have no option except  authorization i.e which command to allow using the ACS and not much configuraiton required on access devicess .

105
Views
0
Helpful
3
Replies
CreatePlease to create content