Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How can i deny access with ACS

Hello,

I manage all my users with Tacacs CISCO ACS.

I have group that i allowed them to enter to "configure terminal" level. but i don't want that they have access to


"router isis \ router bgp \ router ospf" on "configure terminal".

I tried the following settings:

pic1.PNG

also i tried

pic2.PNG

and it's not work fine. what can i do to deny access to router (bgp \ isis \ ospf) settings ?

Thanks,

Alon

3 REPLIES
Cisco Employee

How can i deny access with ACS

As per my knowledge configuration looks perfect. I would suggets to remove and reapply the same config.

How can i deny access with ACS

Please turn "# debug aaa authorization " and check the av pairs

New Member

Re: How can i deny access with ACS

Hello,           

Problem solved, had no command  --> "aaa authorization config-commands"

Thanks

233
Views
0
Helpful
3
Replies