Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How do I limit a user to specific routers commands?

I have ACS/NT 2.6(4) that controls access to all my routers via TACACS+ using AAA commands in the routers. I want to set up a user that can ONLY 'reload' a router, (we have a need to reload a certain router once a week). I've gone into the USER config area of the ACS and it seems I need to give level-15 access for the user to get into enable mode, but then they have the ability to do anything they want.

Can I limit a user , once he is in enable mode, to just be able to execute the reload command?

1 REPLY
Cisco Employee

Re: How do I limit a user to specific routers commands?

Yes, you can limit a user to use reload command only. You need to configure command authorization on the router and configure ACS to permit only 'reload' command and deny all others.

Following URL will help;

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c4.htm#xtocid178536

http://www.cisco.com/warp/public/480/8.shtml

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c6.htm

HTH

R/Yusuf

97
Views
0
Helpful
1
Replies
CreatePlease login to create content