I'm trying to use authorization on CatOS switches with TACACS+ and ACS 3.2;
Authentication and accounting work normally, but authorization is my problem.
I want to configure the switches (running CatOS) to permit and deny some commands via ACS (e.g. permit show conf, clear counters; deny show cdp neig and some set "argument" commands), but I am not getting the desired results. On the routers running IOS, I get success with aaa using the same group on ACS.
ACS is configured to use group settings, the enable option is checked to use max privileges for the client (priv 15), and the TACACS+ settings use "shell (exec)" with some commands to permit and deny.
If I use the switch configuration (below), only configuration commands are denied and all show commands are permitted.
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication login tacacs enable http primary
set authentication enable tacacs enable telnet primary
set authorization exec enable tacacs+ none telnet
set authorization enable enable tacacs+ none telnet
set authorization commands enable config tacacs+ none telnet
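Added example (not from the original post, not vendor code): a small model of the two decisions involved in CatOS command authorization. It assumes that the "config" scope of "set authorization commands enable" sends only set/clear commands to the TACACS+ server while "all" sends every command, and it models the ACS command set as ordered (command, argument pattern, permit/deny) entries with an "unmatched commands" default, all constructed to mirror the commands named in the post.

```python
import re

# Assumption: commands CatOS treats as "config" for the "config" authorization scope.
CONFIG_VERBS = {"set", "clear"}

# Constructed ACS-style command set mirroring the post: permit "show conf" and
# "clear counters", deny "show cdp neig" and a "set port" command.
COMMAND_SET = [
    ("show", r"^cdp\s+neig", "deny"),
    ("show", r"^conf", "permit"),
    ("clear", r"^counters", "permit"),
    ("set", r"^port\b", "deny"),
]
UNMATCHED_COMMANDS = "deny"  # ACS "Unmatched commands" setting (assumed: deny)


def acs_authorize(command, args):
    """Server side: first (command, argument pattern) match wins, else the default."""
    for cmd, pattern, action in COMMAND_SET:
        if cmd == command and re.search(pattern, args):
            return action
    return UNMATCHED_COMMANDS


def switch_authorize(line, scope):
    """Switch side: decide whether the command is sent to TACACS+ at all.

    scope is 'config' or 'all', mirroring 'set authorization commands enable <scope>'.
    Returns (decision, decided_by).
    """
    tokens = line.split(None, 1)
    command = tokens[0]
    args = tokens[1] if len(tokens) > 1 else ""
    if scope == "config" and command not in CONFIG_VERBS:
        # Not a config command: the switch never asks the server, so it is allowed.
        return ("permit", "switch")
    return (acs_authorize(command, args), "acs")


if __name__ == "__main__":
    for scope in ("config", "all"):
        for line in ("show conf", "show cdp neig", "clear counters", "set port disable 2/1"):
            print(scope, line, "->", switch_authorize(line, scope))
```

With the "config" scope every show command is permitted locally without the server ever seeing it, which matches the symptom described in the post; with "all" the ACS command set decides.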