11-16-2008 01:31 AM - edited 03-10-2019 04:11 PM
I have configured TACACS and I am able to log on to Cisco devices successfully using a TACACS user ID and password. I need to create another group and assign users to the new group just to run the SHOW RUNNING-CONFIG command only.
Any idea?
Regards
11-16-2008 06:21 AM
You need authorization for that. In freeware TACACS, you need something like this:
user = adv {
    member = advanced
    name = "Advanced User"
    # login = des DJVS9kfrcLbus
}
user = $adv$ {
    member = advanced
    name = "Advanced User"
    # login = des W/3UA7J1cz3sQ
}
group = advanced {
    cmd = show { permit .* }
    cmd = copy { permit flash }
    cmd = copy { permit running }
    cmd = ping { permit .* }
    cmd = configure { permit .* }
    cmd = enable { permit .* }
    cmd = disable { permit .* }
    cmd = telnet { permit .* }
    cmd = disconnect { permit .* }
    cmd = where { permit .* }
    cmd = set { permit .* }
    cmd = clear { permit line }
    cmd = exit { permit .* }
}
Easy right?
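Added example, not part of the reply above and not tac_plus code: a small Python model of the `cmd` rules in that group, used to list which commands a rule set permits beyond `show running-config`. The `SHOWRUN` rule set, the probe commands and the matching semantics (rules checked in order, first match decides, unlisted commands denied) are assumptions of this sketch.

```python
import re

# Rules copied from the "advanced" group in the reply above.
ADVANCED = """
cmd = show { permit .* }
cmd = copy { permit flash }
cmd = copy { permit running }
cmd = ping { permit .* }
cmd = configure { permit .* }
cmd = enable { permit .* }
cmd = disable { permit .* }
cmd = telnet { permit .* }
cmd = disconnect { permit .* }
cmd = where { permit .* }
cmd = set { permit .* }
cmd = clear { permit line }
cmd = exit { permit .* }
"""

# Constructed for this example (hypothetical group): only "show running-config"
# and "exit" are allowed; every other "show" argument is denied explicitly.
SHOWRUN = """
cmd = show { permit ^running-config deny .* }
cmd = exit { permit .* }
"""

BLOCK = re.compile(r"cmd\s*=\s*(\S+)\s*\{([^}]*)\}")
RULE = re.compile(r"(permit|deny)\s+(\S+)")

def parse(text):
    """Return ordered (command, action, compiled regex) tuples."""
    return [(cmd, action, re.compile(rx))
            for cmd, body in BLOCK.findall(text)
            for action, rx in RULE.findall(body)]

def authorize(rules, line):
    """Assumed semantics: first matching rule decides, no match means deny."""
    cmd, _, args = line.strip().partition(" ")
    for rule_cmd, action, rx in rules:
        if rule_cmd == cmd and rx.search(args):
            return action == "permit"
    return False

def excess(rules, wanted, probes):
    """Probe commands that are permitted although not in the wanted set."""
    return [p for p in probes if p not in wanted and authorize(rules, p)]

# Constructed probe list covering read, write and session commands.
PROBES = ["show running-config", "show version", "configure terminal",
          "copy running-config tftp:", "clear line 2", "reload"]
```

Calling `excess(parse(ADVANCED), {"show running-config"}, PROBES)` lists what the posted group allows beyond the requested command; the same call with `SHOWRUN` returns an empty list.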
11-16-2008 06:27 AM
Thanks for the reply. I am using Cisco ACS 4.2. Any other suggestion?
Regards
Sajjad
11-16-2008 10:42 AM
Hi,
Use the Cisco link below. It will help you to meet your requirement.
Rate me if it helps you.