Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

shell command authorization set

umatched commands set to deny

command "configure" argument "permit terminal"

user has full access to all. i just want user to adjust vty lines. I also have the following commands

show with argument"permit run and start"

thats all i have set up in command. they should not be able to do anything in the config mode "Yet"

8 REPLIES

Re: shell command authorization set

James,

Please check out this link and attached file,

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Regards,

~JG

Do rate helpful posts

New Member

Re: shell command authorization set

I actually set up the commands using that document. it is supposed to deny anything else once you are in the config mode. because i have no other commands or arguments defined. but i have full control

Re: shell command authorization set

Do you have this command in config

aaa authorization config-command

New Member

Re: shell command authorization set

i do not have that in my config. I do not know where i would put it. here is my config

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication login no_tacacs enable

aaa authentication enable default group tacacs+ enable

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

Re: shell command authorization set

You need issue that command in config t mode

aaa authorization config-command

That will take care of your issue.

Regards,

~JG

Do rate helpful posts

New Member

Re: shell command authorization set

Hi James,

Is there a privilege level defined on your vty? Especially if theres a privilege level is 15, remove it first then try it again.

Regards,

Jong

New Member

Re: shell command authorization set

there is no privilege defined on vty

New Member

Re: shell command authorization set

ok, all you have to do is to follow JG's instruction above on his previous mail to enter the "aaa authorization config-command" in config t mode.

Thanks,

Jong

178
Views
0
Helpful
8
Replies