06-06-2002 09:04 AM - edited 03-08-2019 10:52 PM
Hi,
I am trying to setup a group of user's that will only be allowed to issue basic commands on network devices. Such as switches and routers. We currently have CiscoSecure ACS version 2.3(6) running with TACACS. Do I accomplish this via CiscoSecure and TACACS. I am new to the CiscoSecure. Any help would be greatly appreciated.
Thanks,
Darcy
06-06-2002 09:42 AM
You need to assign privilege level for a user from tacacs..Here is the link which discuss that
http://www.cisco.com/warp/public/480/PRIV.html
Thanks..Tejal
06-07-2002 04:17 AM
You need to do Command authorization and use ACS to permit/deny set of commands on a per user/group basis
there are heaps of URLs on CCO, do a search for AAA command authorization
Hope that helps.
R/Yusuf
06-11-2002 09:52 AM
Thanks for the response. I tried the following but still isn't working. I created a group and added the attributes:
service shell
Cmd show
Permit port
Yet am still able to do all show commands.
Any advice?
Thank you,
Darcy
06-16-2002 01:48 AM
did you also add the neccesary AAA liens on the router/switch
http://www.cisco.com/warp/public/480/72.shtml
(check step C and D)
R/Yusuf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide