TACACS and CSS privilege levels

Carl King
Level 1

I have successfully deployed the CSS with TACACS authentication. So far I can get both privileged and non-privileged users (show commands) but nothing in between. WEBNS can successfully differentiate between the different user levels as well.

We need to be able to have data center operators suspend or activate services upon request without the risk of them mistakenly making other changes.

How do I give them controlled access to do this? I have not had success with including additional commands in the TACACS command set. If I include configure in the command set, the user ends up in a login loop because they are not privileged.

2 Replies

philew
Level 4

You will need to set up shell commands. I did this setting up Network groups and User groups.

To set up Command authorization you can look here:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp33/user/c.pdf

Here is the entire user guide for the TACACS:

http://cisco.com/application/pdf/en/us/guest/products/ps5927/c2001/ccmigration_09186a00803a9cbb.pdf

Thanks. The command authorization provided more insight.

I did get a more granular set of command controls that work in telnet sessions, but WEBNS seems to ignore the command set, providing the user with more privileges than they get on the command line.

I've opened a TAC case on this and have not heard back on it yet.
