https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655742#M422887 <HTML><HEAD></HEAD><BODY><P>My experience with tacacs command authorization is that once you give up "conf t" that's it, you've given them everything. Tac seems unable to delve further down the command chain than one level, so you can choose to allow "conf net" instead, but anything beyond that and your configuration is irrelavent.</P><P></P></BODY></HTML> Wed, 11 Oct 2006 16:33:00 GMT ktokash 2006-10-11T16:33:00Z https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655740#M422885 <P>I am trying to allow specific users to have limited priviledges when logging on to AAA clients. I have the authentication working, however I am unable to specify what commands they can use. I have tried using a per command authorization sets with no luck. Has anyone had any success with this?</P> Sun, 10 Mar 2019 21:45:06 GMT https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655740#M422885 juniorrookie 2019-03-10T21:45:06Z https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655741#M422886 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>I personally know of 100s of customers who use this feature. So yes it does work.</P><P></P><P>Can you provide any more info?</P></BODY></HTML> Tue, 19 Sep 2006 05:17:14 GMT https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655741#M422886 darpotter 2006-09-19T05:17:14Z https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655742#M422887 <HTML><HEAD></HEAD><BODY><P>My experience with tacacs command authorization is that once you give up "conf t" that's it, you've given them everything. Tac seems unable to delve further down the command chain than one level, so you can choose to allow "conf net" instead, but anything beyond that and your configuration is irrelavent.</P><P></P></BODY></HTML> Wed, 11 Oct 2006 16:33:00 GMT https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655742#M422887 ktokash 2006-10-11T16:33:00Z https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655743#M422888 <HTML><HEAD></HEAD><BODY><P>Hi Rookie,</P><P></P><P>Try like this it will help you:</P><P></P><P>aaa authorization config-commands</P><P>aaa authorization exec default group tacacs+ local</P><P>aaa authorization commands 1 default group tacacs+ local</P><P>aaa authorization commands 15 default group tacacs+ group windows-users local</P><P>aaa accounting exec default start-stop group tacacs+</P><P></P><P></P><P>Regards,</P><P>Arun</P></BODY></HTML> Tue, 05 Dec 2006 13:14:12 GMT https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655743#M422888 rajakumar.P 2006-12-05T13:14:12Z https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655744#M422889 <HTML><HEAD></HEAD><BODY><P>Try the following whitepaper:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml</A></P></BODY></HTML> Tue, 05 Dec 2006 17:48:31 GMT https://community.cisco.com/t5/network-access-control/using-tacacs-authorization/m-p/655744#M422889 jhillend 2006-12-05T17:48:31Z