unable to logout of shell

Good day to all. I have a couple of ACS 5.4 appliances that we have command sets working in, almost to the point where we are finished.

Below is the AAA config we are using.

When I put the command set authorized commands for the shell they all work except "exit" and "end".

When logged in as a user of the particular AD group you can do work but you can never exit properly.

You have to kill the shell window, SSH V2 in our case, to get out.

aaa new-model
aaa authentication login default group tacacs+ enable line
aaa authentication login VTY group tacacs+
aaa authentication login CONSOLE group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization exec CONSOLE group tacacs+ local
aaa authorization exec VTY group tacacs+
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 1 VTY group tacacs+
aaa authorization commands 15 default group tacacs+ local
aaa authorization commands 15 VTY group tacacs+
aaa authorization network default group radius
aaa authorization network auth-list group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 1
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
aaa accounting exec CONSOLE start-stop group tacacs+
aaa accounting commands 1 VTY start-stop group tacacs+
aaa accounting commands 15 VTY start-stop group tacacs+
aaa session-id common

Our command sets in V5.4 look like this:

Grant     Command   Arguments
Permit    end
Permit    exit
Permit    enable
Permit    show      int* f*
Permit    show      int* g*
Permit    show      port-security
Permit    show      int* status
Permit    clear     port-security sticky int* g*
Permit    clear     port-security sticky int* f*
Permit    ping

ej
