ACS-Shell commmand author. problem

d.sasso — Sun, 10 Mar 2019 20:58:31 GMT

I have setup shell commands for the helpdesk to do basic viewing of the router. Is there a way to limit what they can do in config mode and how do i configure that on the ACS. For instance if I want the helpdesk to enable a port on a 3560 switch.

This is in the test router:

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authorization exec default group tacacs+ none

aaa authorization commands 1 default group tacacs+ none

aaa authorization commands 15 default group tacacs+ none

Thanks in advance

Re: ACS-Shell commmand author. problem

gfullage — Wed, 19 Jan 2005 03:04:16 GMT

"aaa authorization commands ....." doesn't include authorization for commands done in config mode. To enable that add the command:

aaa authorization config-commands

Then add the "set port enable" (or whatever) command into the TACACS authorization profile on the ACS server just like any other command. Note that you'll have to allow them to get into config mode in the first place though.

topic Re: ACS-Shell commmand author. problem in Network Access Control

ACS-Shell commmand author. problem

Re: ACS-Shell commmand author. problem