Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
2
Replies

permitting specified commands only

sivakondalarao
Level 1
Level 1

‎01-04-2007 02:32 AM

Hi,

We have TACACS enabled in our routers. I wanted to restrict user access to only particular commands. I am providing those commands below.

Router#term len 0

Router#sh clock

Router#sh ip int br

Router#sh env all

Router#sh int s0/0

Router#sh int s0/1

Router#ping 10.30.250.137

Router#conf t

Router(config)#int se0/0

Router(config-if)#no backup int br0/0

Router#exit

Router#isdn call int bri 0/0 22861600

Router#sh isdn a

Router#sh isdn status

Router(config)#int se0/0

Router(config-if)#backup int bri0/0

Router#sh int bri0/0

Router#sh run

Nothing more than these commands should be allowed for configuration. Can someone advice me for required configuration in Router as well as cisco ACS.

Regards

SKRAO

Labels:
0 Helpful
2 Replies 2

jolmo
Level 4
Level 4

‎01-05-2007 01:22 AM

Hi SKRAO

Please, take a look at this link:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml#testfile

Hope this helps

0 Helpful

mark.edwards
Level 1
Level 1

‎01-05-2007 01:45 AM

I have done this before on ACS. You need to do the following;

setup a "Shell Command Authorization Set" which is under shared components. You will need to add the commands you want to permit then select the "deny unmatched arguments" box. When this is setup you need to link it to the required ACS group.

This set is linked under the group under the "Shell Command Authorization Set" section.

0 Helpful
Customers Also Viewed These Support Documents