Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Command Authorization in ACS

Hi,

Can anybody tell me how can I permit only ping command to a group in ACS. What is the actual statement that I want to add in command authorization sets.

6 REPLIES
Community Member

Re: Command Authorization in ACS

Hi,

Please refer the attachment for detail.

After you have gone through the attachment, Being specific to your question,

ping---------------(Check the check box for "Permit unmatched Args")

Regards,

Prem

Community Member

Re: Command Authorization in ACS

Hi,

Thanks a lot.

Community Member

Re: Command Authorization in ACS

Do rate if that helps.

;)

Regards,

Prem

Re: Command Authorization in ACS

Hi Prem,

Can you let me know how can i restrict a group from adding a route. I have the following configured on the ACS under shell authorization

configure ......permit terminal

interface ......permit fastethernet (permit Unmatched arg)

show............permit vlan

switchport......permit access &

permit vlan

With the above configuration iam still able to add a route to the config

Also i would like to know the wildcard to be used for enabling all the fastethernet or Ge ports

thanks in advance

Narayan

Cisco Employee

Re: Command Authorization in ACS

Narayan,

This command will help in restricting the route addition :-

aaa authorization config-commands

Command authorization does not apply to configuration mode automatically. So we need to enable it using the above command.

Re: Command Authorization in ACS

Hi Vivek,

I had the command in my configuration.

Actually i had missed the command

aaa authorization commands 15 default group tacacs+ local

Thanks

Narayan

195
Views
4
Helpful
6
Replies
CreatePlease to create content