Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 5.3 question Custom command sets for TACACS+

Custom command sets for TACACS+

I am trying to configure a custom set for our NOC.  I can get show commands working, but ping and traceroute do not work.

 

I added them the same way using permit ping and permit traceroute.  Do I also need an arguement for these two commands?  With show I could leave that blank to enable all show commands.

1 REPLY
Cisco Employee

What do you see under ACS >

What do you see under ACS > tacacs authorization logs. If you have already defined the command set and hitting the right one and still failing then most likely the format/syntax you have defined and the format/syntax the NAS device sending do not match. 

 

You can also turn on debugs and check what NAS is sending to ACS.

debug tacacs

debug aaa authorization

term mon

You may also go through the ACS 5 command authorization configuration example.

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113590-acs5-tacacs-config.html

 

Regards,

Jatin Katyal

*Do rate helpful posts*

~BR Jatin Katyal **Do rate helpful posts**
76
Views
0
Helpful
1
Replies
CreatePlease to create content