Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

restrict aaa access using command authorization windows acs3.6

i need to enable aaa users to shut and unshut interfaces but nothing else. i already have all the users and groups setup but when i modify the command auth set to include "configure" "permit term" they are given unrestricted access.

any help appreciated

1 REPLY
Cisco Employee

Re: restrict aaa access using command authorization windows acs3

On the router there's a:

aaa authorization config-commands

command, make sure you have that in. You then have to set up command authorization on the TACACS server to allow "interface permit any", "shutdown" and "no shutdown" commands.

152
Views
0
Helpful
1
Replies
CreatePlease to create content