topic Re: Tacacs+ in Network Access Control

Tacacs+

abuhwra — Tue, 12 Feb 2019 13:33:54 GMT

hello,

I need some help please,

I configured tacacs+ in a clearbox and I configured one cisco switch testing. I have created some users and all of them can login to the switch.The problem is that all of them can access to configuration terminal which is privilege 15 but I need some of them to do show commands only !!

my regads

Salim

Re: Tacacs+

Damien Miller — Tue, 12 Feb 2019 16:15:47 GMT

I have no experience with Clearbox, and this would probably be a better question for their support team/forums.

As an example, to do this with Cisco ACS or ISE you create an authorization rule that provides a limited command set and shell profile. You typically identify and match on the users AD group or local account group membership in combination with the device types/locations.

You then create a second authorization rule for the same devices providing rear/write access with it's own associated command set and shell profile.

You need to figure out how Clearbox implements authorization rules, command sets, and shell profiles.