05-08-2008 06:40 AM - edited 03-10-2019 03:49 PM
umatched commands set to deny
command "configure" argument "permit terminal"
user has full access to all. i just want user to adjust vty lines. I also have the following commands
show with argument"permit run and start"
thats all i have set up in command. they should not be able to do anything in the config mode "Yet"
05-08-2008 07:01 AM
James,
Please check out this link and attached file,
Regards,
~JG
Do rate helpful posts
05-08-2008 07:24 AM
I actually set up the commands using that document. it is supposed to deny anything else once you are in the config mode. because i have no other commands or arguments defined. but i have full control
05-08-2008 07:44 AM
Do you have this command in config
aaa authorization config-command
05-08-2008 08:38 AM
i do not have that in my config. I do not know where i would put it. here is my config
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication login no_tacacs enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
05-08-2008 08:42 AM
You need issue that command in config t mode
aaa authorization config-command
That will take care of your issue.
Regards,
~JG
Do rate helpful posts
05-08-2008 07:54 AM
Hi James,
Is there a privilege level defined on your vty? Especially if theres a privilege level is 15, remove it first then try it again.
Regards,
Jong
05-08-2008 08:36 AM
there is no privilege defined on vty
05-08-2008 07:19 PM
ok, all you have to do is to follow JG's instruction above on his previous mail to enter the "aaa authorization config-command" in config t mode.
Thanks,
Jong
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: