Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
0
Helpful
2
Replies

TACACS and CSS privilege levels

Carl King
Level 1
Level 1

‎11-17-2005 11:45 AM

I hace successfully deployed the CSS with TACACS authentication. So far I can get both privileged and non-privileged users (show commands) but nothing in between. WEBNS can successfully differentiate between the different user levels as well.

We need to be able to have data center operators suspend or activate services upon request without the risk of them mistakenly making other changes.

How do I give them controlled access to do this? I have not had success with including additional commands in the TACACS command set. If I include configure in the command set, the user ends up in a login loop because they are not privileged.

Labels:
0 Helpful
2 Replies 2

philew
Level 4
Level 4

‎11-18-2005 06:35 AM

You will need to set up shell commands. I did this setting up Network groups and User groups.

To set up Command authorization you can look here:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp33/user/c.pdf

Here is the entire user guide for the TACACS:

http://cisco.com/application/pdf/en/us/guest/products/ps5927/c2001/ccmigration_09186a00803a9cbb.pdf

0 Helpful

Carl King
Level 1
Level 1
In response to philew

‎11-18-2005 10:52 AM

Thanks. The command authorization provided more insight.

I did get a more granular set of command controls that work in telnet sessions, but WEBNS seems to ignore the command set, providing the user with more privileges than they get on the command line.

I've opened a TAC case on this and have not heard back on it yet.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card