Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
0
Helpful
4
Replies

Allowing user's to only issue certain commands.

darcy
Level 1
Level 1

‎06-06-2002 09:04 AM - edited ‎03-08-2019 10:52 PM

Hi,

I am trying to setup a group of user's that will only be allowed to issue basic commands on network devices. Such as switches and routers. We currently have CiscoSecure ACS version 2.3(6) running with TACACS. Do I accomplish this via CiscoSecure and TACACS. I am new to the CiscoSecure. Any help would be greatly appreciated.

Thanks,

Darcy

Labels:
0 Helpful
4 Replies 4

tepatel
Cisco Employee
Cisco Employee

‎06-06-2002 09:42 AM

You need to assign privilege level for a user from tacacs..Here is the link which discuss that

http://www.cisco.com/warp/public/480/PRIV.html

Thanks..Tejal

0 Helpful

yusuff
Cisco Employee
Cisco Employee

‎06-07-2002 04:17 AM

You need to do Command authorization and use ACS to permit/deny set of commands on a per user/group basis

there are heaps of URLs on CCO, do a search for AAA command authorization

Hope that helps.

R/Yusuf

0 Helpful

darcy
Level 1
Level 1
In response to yusuff

‎06-11-2002 09:52 AM

Thanks for the response. I tried the following but still isn't working. I created a group and added the attributes:

service shell

Cmd show

Permit port

Yet am still able to do all show commands.

Any advice?

Thank you,

Darcy

0 Helpful

yusuff
Cisco Employee
Cisco Employee
In response to darcy

‎06-16-2002 01:48 AM

did you also add the neccesary AAA liens on the router/switch

http://www.cisco.com/warp/public/480/72.shtml

(check step C and D)

R/Yusuf

0 Helpful
Customers Also Viewed These Support Documents