12-01-2006 01:04 AM - edited 03-10-2019 02:51 PM
Hi,Any one can help...
I have set up AAA on my network.
aaa authentication login default group tacacs+ group security local
aaa authorization exec default group tacacs+ group security local
aaa accounting exec default start-stop group tacacs+ group security
tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key 7 xyz
I want set prvilige on group basis.
I have created a group called test in ACS server and set comnand authorization on pergroup basis
& added show command with permit running-config as arguments.
My objective is give the user of test group priv level 7 but they can use show running-config.
Any help?
thanks in advance
12-01-2006 01:22 AM
Hi,
If you want to set privilege on the basis of group setting then follow the following TAB::
Group>Edit Settings>
Then scroll down to Tacacs setting and set the desired privelege in privilege leve check box.
I hope this will fulfill your requirement.
Thanks
Deepak
12-04-2006 01:56 AM
Thanks for your reply.But I've already tried.If i give priv 7 he can't use show run. but i want to give hime sh run in priv 7
Thnx,
Sourav
12-05-2006 10:00 AM
You also have to reset the priv level of show run on the device. In IOS it would look something like this:
privilege exec level 7 show running-config
You will need to check the proper documentation for your router, etc.
12-05-2006 11:26 PM
Hi,
Thanks for your reply.It's nearly the exact what I wanted.However show running-config only shows like these
7206a#sh run
Building configuration...
Current configuration : 53 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
However #Show config
shows the proper running-config
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide