Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TACACS authentication

I have configured TACACS and I am able to logon to cisco devices successfully using TACACS user ID and password. I need to create another group ad assign users to new group just to run SHOW RUNNING-CONFIG command only.

any idea?

Regards

3 REPLIES
Silver

Re: TACACS authentication

You need authorization for that. In freeware

TACACS, you need something like this:

user = adv {

member = advanced

name = "Advanced User"

# login = des DJVS9kfrcLbus

}

user = $adv$ {

member = advanced

name = "Advanced User"

# login = des W/3UA7J1cz3sQ

}

group = advanced {

cmd = show { permit .* }

cmd = copy { permit flash }

cmd = copy { permit running }

cmd = ping { permit .* }

cmd = configure { permit .* }

cmd = enable { permit .* }

cmd = disable { permit .* }

cmd = telnet { permit .* }

cmd = disconnect { permit .* }

cmd = where { permit .* }

cmd = set { permit .* }

cmd = clear { permit line }

cmd = exit { permit .* }

}

Easy right?

New Member

Re: TACACS authentication

Thanks for the reply. I am useing Cisco ACS 4.2. Any other suggestion?

Regards

Sajjad

New Member

Re: TACACS authentication

Hi,

Use the below cisco link. it will help you to meet your requirement.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Rate me if it helps to you.

148
Views
0
Helpful
3
Replies