https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188576#M437010 <HTML><HEAD></HEAD><BODY><P>What do you mean by CLI mode, is it the console connection, in certain version authorization is disabled in console and that could be the reason.</P><P>Have you addedd the command</P><P></P><P>aaa authorization config-commands</P><P></P><P>and see if there is any difference.</P><P></P></BODY></HTML> Wed, 26 Mar 2003 11:25:13 GMT sghosh 2003-03-26T11:25:13Z https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188575#M437008 <P></P><P>Just would like to ask your assistance and more ideas about the above subject. </P><P></P><P>When TACACS+ is used for device management ( example; in a router ), when a user is defined in the ACS that he should not be able to use reload/copy commands inside the router. After defining it, why at CLI mode the authorization commands being defined which is to deny it will not take effect. It took effect only at telnet mode. </P><P></P><P>What security commands can be applied at the router side or at the ACS side that even at CLI mode, a user is also controlled what commands he is allowed to input/used.</P><P></P><P>Thank you and looking forward for your suggestions/work arounds.</P><P></P><P>Vivira Alastra</P> Sun, 10 Mar 2019 14:12:57 GMT https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188575#M437008 valastra 2019-03-10T14:12:57Z https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188576#M437010 <HTML><HEAD></HEAD><BODY><P>What do you mean by CLI mode, is it the console connection, in certain version authorization is disabled in console and that could be the reason.</P><P>Have you addedd the command</P><P></P><P>aaa authorization config-commands</P><P></P><P>and see if there is any difference.</P><P></P></BODY></HTML> Wed, 26 Mar 2003 11:25:13 GMT https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188576#M437010 sghosh 2003-03-26T11:25:13Z https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188577#M437013 <HTML><HEAD></HEAD><BODY><P>If you are referring CLI to be EXEC (privileg mode) then probably you are missing command authorization lines missing. </P><P></P><P>aaa authorization exec default tacacs+ local</P><P>aaa authorization commands 0 default tacacs+ local</P><P>aaa authorization commands 15 default taccas+ local</P><P></P><P>If you have the above commands and still if it doesn't work, then my suggestion would be give us the profile, possibility that profile was not created properly.</P></BODY></HTML> Thu, 27 Mar 2003 08:50:31 GMT https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188577#M437013 mhoda 2003-03-27T08:50:31Z https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188578#M437016 <HTML><HEAD></HEAD><BODY><P>To make your authorization work while connected to the console, use this hidden command</P><P></P><P>aaa authorization console</P><P></P><P>If you are accessing the console using a reverse telnet connection, use this published command</P><P></P><P>aaa authorization reverse-access default / list-name method1..method2</P></BODY></HTML> Wed, 02 Apr 2003 03:57:51 GMT https://community.cisco.com/t5/network-access-control/tacacs-for-device-management-security/m-p/188578#M437016 ciscotopgun 2003-04-02T03:57:51Z