I want to be able to restrict users to certain commands on my Access Layer switches. I can do all but the "set vlan" command set. I need to be able to allow these users to 'set vlan <vlan number> <mod/slot>" but not do any other set vlan commands. For example, in my ACS config I have 'deny vlan mtu'. However, if the user were to type 'set vlan 1 mtu' it would be allowed. Is there a way in CS-ACS v2.6 W2k to handle this situation?
Hmmm, interesting. I think you'd have to add each vlan number in as part of the command, so do something like:
deny vlan 1 mtu
deny vlan 2 mtu
and so on. Bit of a pain if you have hundreds of VLAN's. I can't see any other way around this though, since the vlan number is sent as part of the command to the ACS server, just like the word "mtu" is part of the command.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...