How to restrict user access to Exec shell in CSACS v5.1
I am trying to give a user access to a single user mode command on a switch (show interfaces). I want to deny him from entering Exec mode altogether. The switch is configured as:
aaa authorization exec default group tacacs+ if-authenticated aaa authorization commands 1 default group tacacs+ if-authenticated
In CSACS v5.1 the user's shell profile has a default privilege of 1 and a maximum privilege of 1. His command set permits show interfaces and I explicity deny Show (no arguments) and Enable (no arguments). In user mode everything works fine; the user can only execute Show Interfaces. But, he is able to enter Enable to get to Exec mode, and when in exec mode he can enter any exec-level command (but user level commands are still restricted).
I thought just configuring his maximum privilege at 1 would have worked. Can anyone help out?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...