05-31-2012 02:32 AM - edited 03-10-2019 07:08 PM
Hi all,
Currently I am deploying an ACS 5.3 at a customer site. The issue I currently face is that some command sets are not able to deny. Example below:
I want to deny the AD user with privilege level 15 from changing the enable secret password and deleting the enable secret password.
The commands I issued are below:
deny enable secret -> working
deny no enable secret -> not working
Does anyone have an idea how to make the non-working argument work?
05-31-2012 06:08 AM
Hi there,
I just did a test in my ACS using your requirements and it worked fine. Check my configuration below; it may help you:
I am using the following AAA commands:
Switch(config)#do sh run | i aaa
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa session-id common
Switch(config)#
Rate if it helps!