https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797371#M40530 <P>Hi,</P> <P>I have a simular problem but using user authencation on the TACAS, cannt find were to associate the user with a specific profile.</P> Wed, 18 May 2016 15:27:46 GMT Chris McCann 2016-05-18T15:27:46Z https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797367#M40526 <P>Hi all,</P> <P>I've been tasked with setting up ACS 5.6 to be able to authorize MS domain security groups members to have specific command access to our equipment. I've got the domain association and groups added, I have an Access Policy with a rule that is working so my domain test account can login to the switch and perform only the commands in my Command Set.</P> <P></P> <P>The issue is that when I assign a Shell Profile with privilege level 7 min/max to the rule, and the user logs in with this level, they are unable to see the commands that I've allowed in the Command Set. Is there a way to have ACS tell the IOS to automatically modify the commands visible to a specific privilege level when the user logs in, even though they aren't in that privilege level?</P> <P></P> <P>Any help greatly appreciated,</P> <P></P> <P>Chris Menuey</P> Mon, 11 Mar 2019 06:27:38 GMT https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797367#M40526 chrismenuey 2019-03-11T06:27:38Z https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797368#M40527 <P>Since you're using command authorization and restricting user to certain commands, why are we using privilege 7 and not 15?</P> <P>~Jatin</P> Tue, 09 Feb 2016 15:34:21 GMT https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797368#M40527 Jatin Katyal 2016-02-09T15:34:21Z https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797369#M40528 <P>It was an attempt to limit the commands visible to the junior technicians to keep them from being inundated with commands that won't have prevalence to what they need to do, assign access vlan numbers to ports, use show commands, etc. We were under the assumption that ACS would be able to do this automatically with priv 7 based on the commands we put in the command set, since it doesn't appear possible I'll just be using priv 15 and doing additional training to let them know that even though they can see it, doesn't mean they can use it <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P> <P></P> <P>Thanks for the confirmation of this Jatin, help is always appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 11 Feb 2016 04:22:32 GMT https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797369#M40528 chrismenuey 2016-02-11T04:22:32Z https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797370#M40529 <P>yw ! Here is a link to configure <A href="http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113590-acs5-tacacs-config.html">command authorization on ACS</A></P> <P>~ Jatin</P> <P></P> Thu, 11 Feb 2016 06:19:50 GMT https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797370#M40529 Jatin Katyal 2016-02-11T06:19:50Z https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797371#M40530 <P>Hi,</P> <P>I have a simular problem but using user authencation on the TACAS, cannt find were to associate the user with a specific profile.</P> Wed, 18 May 2016 15:27:46 GMT https://community.cisco.com/t5/network-access-control/acs-privilege-level-and-command-sets/m-p/2797371#M40530 Chris McCann 2016-05-18T15:27:46Z