https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034418#M558263 <P>TACACS+ Command Sets should be based on specific business requirements, so they are rarely "one size fits all"</P> <P>&nbsp;</P> <P>You can find some examples in the following video, but you'll need to use the same methodology to develop your required Command Sets. You would typically want to test these extensively in a non-Prod environment as well before deploying into Production.</P> <P><A href="https://www.youtube.com/watch?v=qbnvjzr_zi4" target="_self">ISE 2.0: TACACS+ Command Authorization</A>&nbsp;</P> Sun, 23 Feb 2020 22:18:33 GMT Greg Gibbs 2020-02-23T22:18:33Z https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034317#M558256 <P>We recently started moving our devices back to TACACS authentication from RADIUS. We had this on ACS, but when we migrated to ISE it only supported RADIUS at the time. Now that we can do authorization sets again, I am curious as to what command sets you consider safe for Contractors or Junior Admins. I know this can vary by platform, but just looking for some ideas as we look to lock down these users command sets.</P> Sun, 23 Feb 2020 13:26:08 GMT https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034317#M558256 CommKeeper 2020-02-23T13:26:08Z https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034319#M558257 <P>There are plenty of resource on cisco website <A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html" target="_self">here</A>&nbsp;</P> Sun, 23 Feb 2020 13:34:44 GMT https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034319#M558257 Sheraz.Salim 2020-02-23T13:34:44Z https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034323#M558258 <P>Thanks for sharing this link. I do understand how to set this up, but I'm just looking for some command sets others have used for roles such as these. I did not see that type of examples in the document link outside of 'show'.</P><P>&nbsp;</P><P>Example:</P><P>Junior Admin</P><P>Permitted</P><P>#show</P><P>(config)# hostname</P><P>(config-if)# switchport</P><P>(config-if)# authentication</P><P>(config-if)# dot1x</P><P>(config-if)# service-policy</P><P>Denied</P><P>(config)# ip route</P><P>(config)# interface vlan</P><P>(config)# aaa</P><P>&nbsp;</P><P>...etc.etc..</P><P>&nbsp;</P> Sun, 23 Feb 2020 13:48:19 GMT https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034323#M558258 CommKeeper 2020-02-23T13:48:19Z https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034324#M558259 <P>check this page it has all the required information might be helpful for you <A href="https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-configuration-examples-list.html" target="_self">here</A>&nbsp;</P> Sun, 23 Feb 2020 13:54:39 GMT https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034324#M558259 Sheraz.Salim 2020-02-23T13:54:39Z https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034418#M558263 <P>TACACS+ Command Sets should be based on specific business requirements, so they are rarely "one size fits all"</P> <P>&nbsp;</P> <P>You can find some examples in the following video, but you'll need to use the same methodology to develop your required Command Sets. You would typically want to test these extensively in a non-Prod environment as well before deploying into Production.</P> <P><A href="https://www.youtube.com/watch?v=qbnvjzr_zi4" target="_self">ISE 2.0: TACACS+ Command Authorization</A>&nbsp;</P> Sun, 23 Feb 2020 22:18:33 GMT https://community.cisco.com/t5/network-access-control/looking-for-example-authorization-command-sets-for-mid-privilege/m-p/4034418#M558263 Greg Gibbs 2020-02-23T22:18:33Z