
New Member

Restrict Single Interface ACS 5.4

Hello,

I am running ACS 5.4.0.46.4. I am creating command sets to restrict access for a certain group of users. Is there any way to restrict them from accessing a specific interface (Gi1/1/1 for instance)? I tried putting a "deny interface GigabitEthernet1/1/1" into the command set rules, but I am still able to access that interface.

3 REPLIES
Cisco Employee

Restrict Single Interface ACS 5.4

Please post the screen shot of command set that you have created on ACS under policy elements.

From the end network device, get the following output:

- debug tacacs
- debug aaa authen
- debug aaa author
- show run | in aaa

From ACS 5.4 > monitoring and logging > tacacs authorization > find the user failed attempt > click on the magnifying glass in front of it and attach the screen shot of that page.

~BR
Jatin Katyal

**Do rate helpful posts**

New Member

Restrict Single Interface ACS 5.4

Actually I figured it out.  I left out the space between the interface type (Gi) and number (1/1/1) in the argument.
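
The mismatch described in the post above, as an added example that is not part of the original thread and is not ACS code. It assumes the device sends the interface type and number as separate `cmd-arg` values in the TACACS+ authorization request, and it models rule matching as case-insensitive glob matching on the space-joined arguments with a default permit; the rule tuples, `authorize` and `lint_rules` are hypothetical names for this sketch.

```python
import re
from fnmatch import fnmatchcase

# Constructed rules (grant, command, arguments), mirroring the thread.
BROKEN_RULES = [("deny", "interface", "GigabitEthernet1/1/1")]
FIXED_RULES = [("deny", "interface", "GigabitEthernet 1/1/1")]

# Constructed authorization request: AV pairs for "interface Gi1/1/1".
# Assumption: the device expands the name and sends type and number separately.
REQUEST = ["service=shell", "cmd=interface",
           "cmd-arg=GigabitEthernet", "cmd-arg=1/1/1", "cmd-arg=<cr>"]


def split_request(av_pairs):
    """Return (command, space-joined arguments) from cmd / cmd-arg AV pairs."""
    cmd, args = "", []
    for pair in av_pairs:
        name, _, value = pair.partition("=")
        if name == "cmd":
            cmd = value
        elif name == "cmd-arg" and value != "<cr>":
            args.append(value)
    return cmd, " ".join(args)


def authorize(rules, av_pairs, default="permit"):
    """First matching rule wins; unmatched commands get `default` (assumed)."""
    cmd, argstr = split_request(av_pairs)
    for grant, rule_cmd, rule_args in rules:
        if (rule_cmd.lower() == cmd.lower()
                and fnmatchcase(argstr.lower(), rule_args.lower())):
            return grant
    return default


def lint_rules(rules):
    """Flag interface rules whose type and number are not space-separated."""
    fused = re.compile(r"^[A-Za-z-]+\d")
    return [r for r in rules if r[1].lower() == "interface" and fused.match(r[2])]


if __name__ == "__main__":
    print("broken:", authorize(BROKEN_RULES, REQUEST))
    print("fixed: ", authorize(FIXED_RULES, REQUEST))
    print("lint:  ", lint_rules(BROKEN_RULES))
```

Running `lint_rules` over an exported rule list is a quick way to find deny rules that never match for this reason.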

Cisco Employee

Restrict Single Interface ACS 5.4

Alright, that's good news.

Here is a link to configure command authorization on ACS 5. You may want to bookmark it.

http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bc8514.shtml#ade

~BR
Jatin Katyal

**Do rate helpful posts**
