Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
3
Replies

How can i deny access with ACS

alon to
Level 1
Level 1

‎02-16-2014 12:42 AM - edited ‎03-10-2019 09:24 PM

Hello,

I manage all my users with Tacacs CISCO ACS.

I have group that i allowed them to enter to "configure terminal" level. but i don't want that they have access to


"router isis \ router bgp \ router ospf" on "configure terminal".

I tried the following settings:

pic1.PNG

also i tried

pic2.PNG

and it's not work fine. what can i do to deny access to router (bgp \ isis \ ospf) settings ?

Thanks,

Alon

Labels:
0 Helpful
3 Replies 3

Ravi Singh
Level 7
Level 7

‎02-20-2014 05:35 PM

As per my knowledge configuration looks perfect. I would suggets to remove and reapply the same config.

0 Helpful

Saurav Lodh
Level 7
Level 7

‎02-20-2014 10:22 PM

Please turn "# debug aaa authorization " and check the av pairs

0 Helpful

alon to
Level 1
Level 1
In response to Saurav Lodh

‎02-22-2014 11:54 PM

Hello,           

Problem solved, had no command  --> "aaa authorization config-commands"

Thanks

0 Helpful
Customers Also Viewed These Support Documents