ACS 4.2

Anukalp S
Level 1

Hello..

I am running ACS 4.2 and my network devices are getting access through it. I have a new user to whom I want to give read-only access only (including show configuration). Are there any changes I need to make on the ACS server to do so? I don't want to make any changes on the network devices, like (privilege exec level 7 show running-config or privilege exec level 7 show configuration).

Could anyone please tell me whether this is possible by making changes only on the ACS server?

3 Replies

Jatin Katyal
Cisco Employee

Configuration that needs to be performed on ACS 4.2
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99361-acs-shell-auth.html#scenario2


Configuration you should have on the IOS device.
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/99361-acs-shell-auth.html#rou

Please understand the concept of command authorization before you implement changes.

 

Regards,

Jatin Katyal

** Do rate helpful posts**

~Jatin

 

 

Hi Jatin..

I have the IOS config below and settings on ACS. I want to give the new user all show access, including show configuration, but don't want him to execute configure terminal. I tried this but am still not able to achieve it; please suggest where I am going wrong.

----------------------------------------------------

aaa new-model

aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host x.x.x.x

tacacs-server key y.y.y.y

------------------------------------------------------------------------------------

 

kaaftab
Level 4

Well, you have no option except authorization, i.e. which commands to allow using the ACS, and not much configuration is required on the access devices.
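
Added example (not part of any post in this thread, and not Cisco's code): a small audit of the IOS configuration posted above. IOS sends individual commands to TACACS+ for authorization only when an `aaa authorization commands <level>` line exists, so an ACS shell command authorization set is never consulted without one. The `audit` helper, the choice of levels 1 and 15, and the second config are assumptions made for the illustration.

```python
import re

# Configuration as posted in the thread (address and key are the post's placeholders).
POSTED = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host x.x.x.x
tacacs-server key y.y.y.y
"""

# Constructed variant: the same config plus per-command authorization for levels 1 and 15.
WITH_CMD_AUTHZ = POSTED + """\
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
"""

CMD_RE = re.compile(r"^aaa (authorization|accounting) commands (\d+) (\S+) (.+)$")

def audit(config, levels=(1, 15)):
    """Return findings about per-command TACACS+ authorization (hypothetical helper)."""
    authz, acct, findings = {}, set(), []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:
        m = CMD_RE.match(line)
        if not m:
            continue
        kind, level, methods = m.group(1), int(m.group(2)), m.group(4)
        if kind == "authorization":
            authz[level] = methods
        else:
            acct.add(level)
    for level in levels:
        if level not in authz:
            note = " (accounted but not authorized)" if level in acct else ""
            findings.append(f"level {level}: no 'aaa authorization commands'{note}")
        elif "tacacs+" not in authz[level]:
            findings.append(f"level {level}: command authorization does not use tacacs+")
    if "aaa authorization config-commands" in lines and not authz:
        findings.append("config-commands set, but no command authorization to apply it")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("with command authorization", WITH_CMD_AUTHZ)):
        print(name, "->", audit(cfg) or "command authorization enabled")
```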