https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359092#M433112 <HTML><HEAD></HEAD><BODY><P>For#1 - No idea on catOS</P><P></P><P>For #2 - <A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697557" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697557</A></P><P></P><P>(only a bit of pattern matching)</P><P></P><P>For #3 you can look in TACACS+ Administration file or Failed Attempts active.csv on your ACS to what the AAA client is sending to the ACS for authorization</P></BODY></HTML> Wed, 08 Dec 2004 00:08:33 GMT risgro 2004-12-08T00:08:33Z https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359091#M433111 <P>I need help on the following please.</P><P></P><P>1. - I am using ACS as TACACS server to control IOS authorization on all our Switches, However I can not deny telnet sessions to other devices from within CatOS - does anyone know the command authorization set to deny this within ACS ????</P><P></P><P>2. Does anyone know where I can read up on command authorizations sets for ACS ??</P><P></P><P>3. What is the debug command for CatOS to see cli output ?</P><P></P><P>Many thanks</P><P></P><P>Rod</P> Sun, 10 Mar 2019 20:55:08 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359091#M433111 rod.blackie 2019-03-10T20:55:08Z https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359092#M433112 <HTML><HEAD></HEAD><BODY><P>For#1 - No idea on catOS</P><P></P><P>For #2 - <A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697557" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697557</A></P><P></P><P>(only a bit of pattern matching)</P><P></P><P>For #3 you can look in TACACS+ Administration file or Failed Attempts active.csv on your ACS to what the AAA client is sending to the ACS for authorization</P></BODY></HTML> Wed, 08 Dec 2004 00:08:33 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359092#M433112 risgro 2004-12-08T00:08:33Z https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359093#M433113 <HTML><HEAD></HEAD><BODY><P>Thanks for your info. I have solved my problem - </P><P></P><P>1. I enabled tacacs administration logging using command on switch aaa authorization commands 15 default group tacacs+</P><P></P><P>This let me see what what happening everytime I entered a command on CatOS - via the logging monitor on ACS. From here i was able to see that when i was trying to telnet to a device from CatOS it was doing it on Privilage mode 1. I then entered this command aaa authorization commands 1 default group tacacs+ which solved my telnet problem.</P><P></P><P>Problem resolved.</P><P></P><P>Many thanks.</P></BODY></HTML> Wed, 08 Dec 2004 09:51:36 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-command-authorization-sets/m-p/359093#M433113 rod.blackie 2004-12-08T09:51:36Z