Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Customization of AAA

I need to know how to apply a custom config to allow a tacacs group to be able to access all commands from the cli EXCEPT "configuration mode".

I have the groups defined in tacacs+ but need to write the config for the devices...

1 REPLY
Hall of Fame Super Silver

Re: Customization of AAA

Katherine

I believe that this kind of control over what commands can be executed and what can not is generally done with command authorization sets in TACACS. Are you saying that you have configured command authorization sets for these users and want to configure it on the router? I would configure it something like this:

aaa authorization commands 15 default group tacacs+ if-authenticated

HTH

Rick

153
Views
0
Helpful
1
Replies