Cisco Support Community
New Member

permitting specified commands only

Hi,

We have TACACS enabled in our routers. I wanted to restrict user access to only particular commands. I am providing those commands below.

Router#term len 0

Router#sh clock

Router#sh ip int br

Router#sh env all

Router#sh int s0/0

Router#sh int s0/1

Router#ping 10.30.250.137

Router#conf t

Router(config)#int se0/0

Router(config-if)#no backup int br0/0

Router#exit

Router#isdn call int bri 0/0 22861600

Router#sh isdn a

Router#sh isdn status

Router(config)#int se0/0

Router(config-if)#backup int bri0/0

Router#sh int bri0/0

Router#sh run

Nothing more than these commands should be allowed for configuration. Can someone advise me on the required configuration on the router as well as Cisco ACS?

Regards

SKRAO

2 REPLIES
New Member

Re: permitting specified commands only

1) For Authentication :

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm

2) For Authorization :

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathor.htm

Authorization can be defined either on your TACACS+ or locally. For TACACS+, refer to a few other conversations which talk about shell authorization command sets; you will find what you need. And locally, if you are interested in these particular commands, then just follow the links which I gave you.

Hope that helps.

New Member

Re: permitting specified commands only

Two more links for you.

1) http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml --> This particular link talks about ACS. I had started a conversation earlier and I got this in reply. Worth looking at once.

2) To perform authorization for these many particular commands, please find the link below (using the privilege command):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/123tsr/sec_p1gt.htm#wp1141496

Hope that helps.

cheers
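
The router-side half of the TACACS+ approach the replies point to, as an added example that is not part of the original thread. The server address, the key placeholder and the choice of `local` as fallback are assumptions; the permit list itself is configured on the ACS in a shell command authorization set.

```cisco
! Added example, not from the thread.
! 192.0.2.10 and <SHARED-KEY> are placeholders for the ACS address and key.
aaa new-model
!
tacacs-server host 192.0.2.10 key <SHARED-KEY>
!
! Authenticate logins against TACACS+ and fall back to the local user
! database only when the server does not respond.
aaa authentication login default group tacacs+ local
!
! Let the server decide whether the user gets an exec shell at all.
aaa authorization exec default group tacacs+ local
!
! Send each command at privilege level 1 (show clock, ping, ...) and
! level 15 (configure terminal, show running-config, ...) to the server
! for a permit or deny decision. The list of permitted commands is held
! on the ACS, with unmatched commands denied.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Without this line, commands entered in configuration mode
! (interface serial0/0, backup interface bri0/0, ...) are not sent
! to the server for authorization.
aaa authorization config-commands
```

IOS expands abbreviations before sending the command for authorization, so `sh ip int br` arrives at the server as `show ip interface brief`; the entries in the ACS command set should use the full keywords. Keep an existing privileged session open while testing, since a mistake in the method lists or the command set affects every new login.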
