topic Re: Command Authentication within ACS 5.1 in Network Access Control

Command Authentication within ACS 5.1

p-blake — Mon, 11 Mar 2019 00:18:17 GMT

I have set up a new ACS 5.1 appliance and it seems to be going well. I would like to be able to restrict access to the command SHOW CDP NEIGHBOR DETAIL to a specific group but continue to allow SHOW CDP NEIGHBOR.

I am able to either allow access to the SHOW CDP commands or deny them but am unable to get more granular with the command arguments.

Can anyone offer any suggestions?

Thanks for the assistance.

Paul Blake

Re: Command Authentication within ACS 5.1

Javier Henderson — Fri, 06 Aug 2010 17:07:04 GMT

Can you post a screenshot of the command set definition?

Re: Command Authentication within ACS 5.1

Przemyslaw Konitz — Tue, 10 Aug 2010 12:27:48 GMT

this is my example which works fine

and the result

so it can be done

Re: Command Authentication within ACS 5.1

p-blake — Fri, 13 Aug 2010 18:06:46 GMT

That worked GREAT!!! Thanks.. I think I was missing the final "s" when inputting the command into the ACS. Show CDP Neighbor detail is different than show CDP neighbors detail.

Thanks again for you help.

Re: Command Authentication within ACS 5.1

Cisco SCC — Tue, 17 Aug 2010 11:14:25 GMT

I have configured ACS 5.1 and im having issues with Commadn sets. Im trying to deny show cdp neighbors to some users. What priv level should they receive when they log in. I just cant get the command sets to deny any commands

Re: Command Authentication within ACS 5.1

Przemyslaw Konitz — Tue, 17 Aug 2010 11:21:11 GMT

I would do it in a different way.

create separate rule with additional condition of that separate user group and then as result assign them different command set.

I think its the easiest way

regards