Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
690
Views
0
Helpful
1
Replies

AAA for IOS and CATOS

bghobadi2
Level 1
Level 1

‎04-28-2005 09:59 AM - edited ‎03-10-2019 02:07 PM

Hello.

My TACACS server is a ACS 3.3.2. I have associated two Active Directory groups to two of the ACS groups.

1. I need to give full telnet/ssh and console rights to Group1 to our IOS and CATOS devices.

2. I need to allow Group2 to sh only the SHOW command output

3. I also need to gather accounting info on the two groups.

I have configured the following on the IOS devices. But my authorization is failing:

aaa new-model

!

aaa authentication login default group tacacs+ local none

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 1 default stop-only group tacacs+

aaa accounting commands 15 default stop-only group tacacs+

aaa accounting update newinfo

aaa session-id common

ip tacacs source-interface Loopback0

tacacs-server host 10.23.x.y

tacacs-server directed-request

tacacs-server key 123

What would be CATOS commands to accomplish my task?

Thanks veryone in advance.

Bo

Labels:
0 Helpful
1 Reply 1

bghobadi2
Level 1
Level 1

‎04-28-2005 11:16 AM

I am sorry I fogot to add the error message. Here it is:

TACACS_TEST#sh run

Command authorization failed.

0 Helpful
Customers Also Viewed These Support Documents