I m trying to configure the autocommand for jr engineer,that when he telnet to router he shld see the menu of selection,I m trying to configure according to book but it is not working. When the user login he is able to see the menu but when the user select the number for suppose 1 or 2 he gets an error invalid output,please find the attached.
Begin with the goal. In this situation, you have an administrator, that we call junior-admin, log in to a router via the Telnet protocol. This junior-admin is not allowed to make major changes to the router rbb. What you want to happen here is for junior-admin to see a menu when they authenticate to ACS, choose an option from that menu, and have authorization take place for those commands. Example 8-3 shows the configuration of the menu that is accessed by junior-admin upon accessing the command line of rbb.
Example 8-3. Menu Configuration
! menu admin1 prompt ^C Please select an Action^C menu admin1 text 1 Show IP Interface Brief menu admin1 command 1 show ip interface brief menu admin1 text 2 Show interface fa0/0 menu admin1 command 2 sh int fa0/0 menu admin1 text 3 Show Run Interface fa0/0 menu admin1 command 3 sh run int fa0/0 menu admin1 text 4 Show ip route menu admin1 command 4 sh ip route menu admin1 text 5 Show Arp menu admin1 command 5 show arp menu admin1 text 6 Clear the Arp table menu admin1 command 6 clear arp menu admin1 text 7 EXIT menu admin1 command 7 logout
After this menu has been added to the router, you can test it by typing the following command: menu admin1.
Now that the menu is in place, you want to configure the TACACS+ settings on the router. Basic AAA commands are given in this example; however, for more detailed AAA configuration, see Appendix A, "RADIUS Attribute Tables." You now add the ACS server into the router.
Configure the AAA group and protocol by entering the command tacacs-server host 192.168.1.1.
Next, configure the secret key by entering the command tacacs-server key cooljive.
To enable authentication, enter the following AAA configuration command: aaa authentication login default group tacacs+ local.
To enable the autocommand, simply follow these steps:
Select TACACS+ in the Jump To list. By selecting TACACS+ in the Jump To list, you are taken to the TACACS+ Settings configuration screen
Step 2. From here, scroll to the Shell (exec) section. It is here that you enable the autocommand. You could enter any command here that you would like the user to execute. After the command has been executed, the Telnet connection to rbb drops.
Step 3. Now that you are in the Shell (exec) configuration section, you want to select the check box next to Shell (exec). This enables junior-admin shell authorization.
Step 4. Also, check the autocommand option and in the box, enter the command menu admin1. This was displayed in Figure 8-18.
Step 5. After the configuration is enabled, you can select Submit + Restart to restart the ACS service.
Step 6. Next, you Telnet from the junior-admin workstation where the junior-admin is prompted to enter a username and password. When authentication has been accepted, the autocommand takes place.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...