but still confuse, bcz I have three groups one with admin user that has access to all network devices and for them there is no command set on this group.
This device belongs to that group has command set that allows only show commands, but earlier this device not allowing anyone to connect except the user of this group and that usr only run show command.
Why this device not allowing admin to login, after i remove old show command set and made a new command set with all permit it let me allowing in.
I want admin group to access all devices and do all things and one group to access specific devices and can perform only specific task, but admin on these devices can do all admin task.
One thing more, please tell me i also want to authenticate user at the time of login and at the time of enable mode, right now user able to login in by giving local enable password, i wana also authenticate user enable password define on ACS.
how to define enabel password on ACS and how to configure enable authentication device.
I also tried what you said and it works, however this is a nice work around to the problem of getting ACS to do cmd authorization at other lower cmd levels, surely we should be able to implement this at other levels, so when we do auditing it reports its real level. I create a cmd auth set apply it to a user who has level 15 access and it works well. I then change the users level to something lower using the same cmd set and it will not work??
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...