Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3045
Views
0
Helpful
0
Replies

AutoCommand

estelamathew
Level 2
Level 2

‎05-17-2010 07:08 AM - edited ‎03-10-2019 05:08 PM

Hello dears,

I m trying to configure the autocommand for jr engineer,that when he telnet to router he shld see the menu of selection,I m trying to configure according to book but it is not working. When the user login he is able to see the menu but when the user select the number for suppose 1 or 2 he gets an error invalid output,please find the attached.

Step 1.
Begin with the goal. In this situation, you have an  administrator, that we call junior-admin, log in to a router via the Telnet  protocol. This junior-admin is not allowed to make major changes to the router  rbb. What you want to happen here is for junior-admin to see a menu when they  authenticate to ACS, choose an option from that menu, and have authorization  take place for those commands. Example  8-3 shows the configuration of the menu that is accessed by junior-admin  upon accessing the command line of rbb.

Example 8-3. Menu Configuration
!
menu admin1 prompt ^C Please select an Action^C
menu admin1 text 1 Show IP Interface Brief
menu admin1 command 1 show ip interface brief
menu admin1 text 2 Show interface fa0/0
menu admin1 command 2 sh int fa0/0
menu admin1 text 3 Show Run Interface fa0/0
menu admin1 command 3 sh run int fa0/0
menu admin1 text 4 Show ip route
menu admin1 command 4 sh ip route
menu admin1 text 5 Show Arp
menu admin1 command 5 show arp
menu admin1 text 6 Clear the Arp table
menu admin1 command 6 clear arp
menu admin1 text 7 EXIT
menu admin1 command 7 logout

Step 2.
After this menu has been added to the router, you can test it  by typing the following command: menu  admin1.

Step 3.
Now that the menu is in place, you want to configure the  TACACS+ settings on the router. Basic AAA commands are given in this example;  however, for more detailed AAA configuration, see Appendix A, "RADIUS Attribute Tables." You now add  the ACS server into the router.

Step 4.
Configure the AAA group and protocol by entering the command  tacacs-server host  192.168.1.1.

Step 5.
Next, configure the secret key by entering the command tacacs-server key cooljive.

Step 6.
To enable authentication, enter the following AAA  configuration command: aaa authentication login  default group tacacs+ local.

To enable the autocommand, simply follow these steps:

Step 1.
Select TACACS+ in the Jump  To list. By selecting TACACS+ in the Jump To  list, you are taken to the TACACS+ Settings configuration screen

Step 2.  From here, scroll to the Shell (exec) section. It is here that you enable the autocommand. You could enter any command here that you would like the user to execute. After the command has been executed, the Telnet connection to rbb drops.


Step 3.  Now that you are in the Shell (exec) configuration section, you want to select the check box next to Shell (exec). This enables junior-admin shell authorization.


Step 4.  Also, check the autocommand option and in the box, enter the command menu admin1. This was displayed in Figure 8-18.


Step 5.  After the configuration is enabled, you can select Submit + Restart to restart the ACS service.


Step 6.  Next, you Telnet from the junior-admin workstation where the junior-admin is prompted to enter a username and password. When authentication has been accepted, the autocommand takes place.

Labels:
Preview file
501 KB
Preview file
501 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents