02-16-2014 12:42 AM - edited 03-10-2019 09:24 PM
Hello,
I manage all my users with Tacacs CISCO ACS.
I have group that i allowed them to enter to "configure terminal" level. but i don't want that they have access to
"router isis \ router bgp \ router ospf" on "configure terminal".
I tried the following settings:
also i tried
and it's not work fine. what can i do to deny access to router (bgp \ isis \ ospf) settings ?
Thanks,
Alon
02-20-2014 05:35 PM
As per my knowledge configuration looks perfect. I would suggets to remove and reapply the same config.
02-20-2014 10:22 PM
Please turn "# debug aaa authorization " and check the av pairs
02-22-2014 11:54 PM
Hello,
Problem solved, had no command --> "aaa authorization config-commands"
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide