10-10-2008 01:31 PM - edited 03-10-2019 04:07 PM
I need help on the Authorization Set. I have the following currently configured.
clear permit port-security dynamic
permit port-security all
permit port-security sticky
permit mac-address-table dynamic
Configure permit terminal
end
exit
show permit port-security
permit mac-address-table
permit interfaces status
permit interfaces stats
permit running-config interface FastEthernet
permit ver
switchport permit port-security
write permit memory
permit network
copy running-config startup-config
Everything seems to work fine. For example, you cannot do a show running config.
My problem is the conf t. Once you are in, you can do any commands you want, i.e. "int fax/x/x" "switchport access vlan XX".
I tried different interface permit commands and still cannot restrict commands.
None of the permit unmatched commands are checked.
What I would like is to permit interface commands for port security commands, but not allow shut or no shut, etc.
10-11-2008 03:52 AM
Have you turned on:
aaa authorization config-commands
Regards
Farrukh
10-13-2008 05:16 AM
As suggested by Farrukh, it seems it is not checking for authorization in config t mode, which is why you are able to execute all commands.
Please add
aaa authorization config-commands
The above command will enable authorization for config t mode.
Regards,
~JG
10-15-2008 09:39 AM
That fixed it. Thanks.
10-15-2008 10:38 AM
It's great to know you have it working now. :)
Please rate helpful posts to increase the utility of this information for future readers.
Regards
Farrukh