Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS shell command authorization help

Hello,

I wanted to only allow users to use interface command. But when I permit config terminal in ACS shell command set, all the commands are allowed. How can I limited the users to only have the permission for interfacce command?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACS shell command authorization help

Two things could be wrong

1) You don't have the following command on your AAA Client:

aaa authorization config-commands

2) You have clicked the 'Unmatched Commands' = Permit radio option in ACS, have a look at:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Regards

Farrukh

3 REPLIES

Re: ACS shell command authorization help

Did you configure something like

configure permit terminal

interface permit fastethernet

HAve a look at the attached doc for shell command auth configuration

Narayan

Re: ACS shell command authorization help

Two things could be wrong

1) You don't have the following command on your AAA Client:

aaa authorization config-commands

2) You have clicked the 'Unmatched Commands' = Permit radio option in ACS, have a look at:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Regards

Farrukh

New Member

Re: ACS shell command authorization help

yes, i missed the command - aaa authorization config-commands on the clients. After i added that, it works.

Thanks for your help

380
Views
0
Helpful
3
Replies
CreatePlease to create content