Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
426
Views
0
Helpful
1
Replies

ACS 5.3 question Custom command sets for TACACS+

burnsidestev
Level 1
Level 1

‎03-17-2014 10:08 AM - edited ‎03-10-2019 09:32 PM

Custom command sets for TACACS+

I am trying to configure a custom set for our NOC.  I can get show commands working, but ping and traceroute do not work.

 

I added them the same way using permit ping and permit traceroute.  Do I also need an arguement for these two commands?  With show I could leave that blank to enable all show commands.

Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎03-17-2014 01:01 PM

What do you see under ACS > tacacs authorization logs. If you have already defined the command set and hitting the right one and still failing then most likely the format/syntax you have defined and the format/syntax the NAS device sending do not match. 

 

You can also turn on debugs and check what NAS is sending to ACS.

debug tacacs

debug aaa authorization

term mon

You may also go through the ACS 5 command authorization configuration example.

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113590-acs5-tacacs-config.html

 

Regards,

Jatin Katyal

*Do rate helpful posts*

~Jatin
0 Helpful
Customers Also Viewed These Support Documents