https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672809#M508652 <P>Hi Experts,</P> <P>&nbsp;</P> <P>i was trying to configure tacacs for nexus access using ise 2.4. on the command sets for readonly access i only allowed a few commands for testing but after logging in, i can also use the other commands although they were not set on the tacacs command sets. only show int status and exit was set but other command like show vlan can be excuted. i can even execute "conf t" . any guide on how to configure the command sets for nexus ?&nbsp;</P> <P>&nbsp;</P> <P>tia,</P> <P>chris</P> Tue, 24 Jul 2018 08:48:22 GMT Meuserid1979 2018-07-24T08:48:22Z https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672809#M508652 <P>Hi Experts,</P> <P>&nbsp;</P> <P>i was trying to configure tacacs for nexus access using ise 2.4. on the command sets for readonly access i only allowed a few commands for testing but after logging in, i can also use the other commands although they were not set on the tacacs command sets. only show int status and exit was set but other command like show vlan can be excuted. i can even execute "conf t" . any guide on how to configure the command sets for nexus ?&nbsp;</P> <P>&nbsp;</P> <P>tia,</P> <P>chris</P> Tue, 24 Jul 2018 08:48:22 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672809#M508652 Meuserid1979 2018-07-24T08:48:22Z https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672919#M508654 <P>Will this work for you? This will allow all show commands, but will not allow configuration commands. I have not tried limiting to specific commands.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2018-07-24 06_18_17-Identity Services Engine - Internet Explorer.png" style="width: 232px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/15023i8F5049C1833AA461/image-size/large?v=v2&amp;px=999" role="button" title="2018-07-24 06_18_17-Identity Services Engine - Internet Explorer.png" alt="2018-07-24 06_18_17-Identity Services Engine - Internet Explorer.png" /></span></P> Tue, 24 Jul 2018 10:22:51 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672919#M508654 Alex Pfeil 2018-07-24T10:22:51Z https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672933#M508656 <P>Hi Alex,</P> <P>&nbsp;</P> <P>thanks for the reply. yes i tried this and applied for each authz as per my screenshot. there are difference when loggin in as "administrator" and "readonly" but seems like limiting the commands(for read only access) which is applied on the command set portion of the authz doesnt work? coz i still can execute lots of commands which should be filtered by command sets. not sure whether its a normal nexus behavior? thanks</P> <P>&nbsp;</P> <P>chris</P> Tue, 24 Jul 2018 10:32:30 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3672933#M508656 Meuserid1979 2018-07-24T10:32:30Z https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3673491#M508658 <P>Make sure that the correct authorization commands are enabled on the Nexus device and check out the PDF of the guide available here:</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG><A href="https://community.cisco.com/t5/security-documents/how-to-ise-tacacs-configuration-for-cisco-nx-os-network-devices/ta-p/3631609" target="_self">https://community.cisco.com/t5/security-documents/how-to-ise-tacacs-configuration-for-cisco-nx-os-network-devices/ta-p/3631609</A></STRONG></P> <P>&nbsp;</P> <P><STRONG>Thanks,</STRONG></P> <P>&nbsp;</P> <P><STRONG>Alex</STRONG></P> Tue, 24 Jul 2018 17:03:08 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-command-sets-for-nexus-access/m-p/3673491#M508658 Alex Pfeil 2018-07-24T17:03:08Z