https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640480#M253368 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply!</P><P></P><P>there are no errors, the switch ios is putting the asterics as it does when you enter a command that is not recognised, i.e. for clear port-security the port-security onwards is not recognised.&nbsp; On this note, the user is entered into priviledge mode and not in configure terminal mode, just base priviledge mode.&nbsp; The group in ACS is set to max priviledge level 7 and have also set this on the user account in addition.</P><P></P><P>I am using ACS v 4.1.</P><P></P><P>While I receive the service messages and also when they go away - I always have the authorisation problem.</P><P></P><P>Thanks</P><P></P><P>Steve</P></BODY></HTML> Sat, 08 Jan 2011 14:10:30 GMT steve pearson 2011-01-08T14:10:30Z https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640478#M253319 <P>Hi,</P><P></P><P>I have had a problem where a set of users in two groups in ACS are struggling entering commands.&nbsp; The commands are set in the Shell Command Authorization Sets and this hasnt changed.&nbsp; Other commands are working.&nbsp; As this is spanning two groups in ACS I am thinking it's not something with the groups but the command sets itself.</P><P></P><P>Just to check, the commands are 'clear port-security' and clear mac address-table' - I have entered in Command 'clear' and the following attributes;</P><P>permit port-security<BR />permit mac address-table'</P><P></P><P>I've also ticked 'Permit unmatched args'</P><P></P><P></P><P>At the same time as this is occuring I have been recieving the following messages from the ACS server via email;</P><P></P><P></P><P>Test Timed out for service: CSAdmin<BR />Test Timed out for service: CSAuth<BR />Test Timed out for service: CSDbSync<BR />Test Timed out for service: CSLog</P><P></P><P>I have looked at other posts and have restarted CSMon.&nbsp; This then stops the messages for some time, then a day or so later I get the messages again.</P><P></P><P></P><P>Could this be tied in with the command issue?&nbsp; Is there something else I should look at other than restarting the server and the CSMon service again?&nbsp; All other CS' services are running.</P><P></P><P>Thanks!!</P><P></P><P>Steve</P> Mon, 11 Mar 2019 00:41:59 GMT https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640478#M253319 steve pearson 2019-03-11T00:41:59Z https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640479#M253352 <HTML><HEAD></HEAD><BODY><P>When you are failing to authorize the commands, what is the error message ? It would be interesting to see a package.cab of that</P><P>What version of ACS are you running by the way ?</P><P></P><P>And when you restart CSMon and the message doesn't appear for a day, is your command problem gone too ?</P><P></P><P>Nicolas</P></BODY></HTML> Sat, 08 Jan 2011 08:14:25 GMT https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640479#M253352 Nicolas Darchis 2011-01-08T08:14:25Z https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640480#M253368 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply!</P><P></P><P>there are no errors, the switch ios is putting the asterics as it does when you enter a command that is not recognised, i.e. for clear port-security the port-security onwards is not recognised.&nbsp; On this note, the user is entered into priviledge mode and not in configure terminal mode, just base priviledge mode.&nbsp; The group in ACS is set to max priviledge level 7 and have also set this on the user account in addition.</P><P></P><P>I am using ACS v 4.1.</P><P></P><P>While I receive the service messages and also when they go away - I always have the authorisation problem.</P><P></P><P>Thanks</P><P></P><P>Steve</P></BODY></HTML> Sat, 08 Jan 2011 14:10:30 GMT https://community.cisco.com/t5/network-access-control/acs-shell-command-authorization-sets/m-p/1640480#M253368 steve pearson 2011-01-08T14:10:30Z