09-10-2006 11:54 PM
Hi
i want to deny the command "clear ip route *" only but not the other command like "clear ip route 1.1.1.1" how do we do it ?
It seem that ACS don't take the asterisk !!
thanks
09-11-2006 01:06 AM
Hi,
I suspect you may have tried to enter "clear ip route *" all at once and then hit "add command", which won't work.
Make sure you only have a single word in the box when you enter "add command". After that, enter "permit ip route *" in the right-hand box when clear is highlighted.
HTH
Andrew.
09-11-2006 01:30 AM
hi andrew
i have following:
Unmatched Commands: permit
add command: clear
permit unmatched arg:crossed
argument: deny ip route *
it seem that acs don't take the asterisk
09-11-2006 02:18 AM
Hi,
Just tried it - works ok my on my test acs box. Your description looks good - so might be worth creating a new command authorisation set.
Do you get an error message?
Andrew.
09-11-2006 02:40 AM
hi,
same result, can you do a clear ip route x.x.x.x ?
my goal is just to deny the clear all route but you should be able to deny a specific route.
With this setting it deny all commande after the route word.
09-11-2006 02:58 AM
Hi,
What error message are you actually getting? Is it a pop-up one, or does a specific error appear in the GUI?
Andrew.
09-11-2006 03:29 AM
hi
i dont have any error message on ACS.
it symply deny both command
clear ip route *
clear ip route x.x.x.x
gregor
09-11-2006 04:52 AM
Hi,
Do you see anything in the ACS logs, especially the "failed attempts" log file?
Andrew.
09-12-2006 12:15 AM
Hi,
yes in this file it say
Command denied service=shell cmd=clear ip route 138.187.250.36
our your system when you specifie this command can you do the specific clear ip route 1.1.1.1 ?
regards
gregor
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide