siangyankhoo
Beginner

ACS 5.3 Shell Command Set

Hi all,

Currently I am deploying an ACS 5.3 at a customer site. The issue I face currently is that some command sets are not able to deny. An example is below:

I want to deny the AD user with privilege level 15 from changing the enable secret password and deleting the enable secret password.

The commands I issued are below:

deny enable secret -> working

deny no enable secret -> not working

Does anyone have an idea how to make the non-working argument work?

Accepted Solutions
mauzamor
Beginner

Hi there,

I just did a test in my ACS using your requirements and it worked fine. Check my configuration below; it may help you:

I am using the following AAA commands:

Switch(config)#do sh run | i aaa

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa session-id common

Switch(config)#

Rate if it helps!
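An added example, not part of the original posts: a small Python audit of the `show run | i aaa` output in the reply above. It checks whether level 15 commands and config-mode commands are sent to TACACS+ for authorization and flags the `if-authenticated` fallback. The function names are hypothetical, and only the `default` method list with `group tacacs+` is handled, as in the posted configuration.

```python
import re

# The `show run | i aaa` lines posted in the reply above, embedded for offline use.
POSTED_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa session-id common
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) default (.+)$")

def audit_aaa(config_text, level=15):
    """Summarise command authorization for `level` (default method list only)."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    methods_by_level = {}
    for ln in lines:
        m = CMD_AUTHZ.match(ln)
        if m:
            methods_by_level[int(m.group(1))] = m.group(2).split()
    methods = methods_by_level.get(level, [])
    return {
        "config_commands": "aaa authorization config-commands" in lines,
        "levels_covered": sorted(methods_by_level),
        "tacacs_first": methods[:2] == ["group", "tacacs+"],
        "if_authenticated_fallback": "if-authenticated" in methods[2:],
    }

def findings(config_text, level=15):
    """Return the notes a reviewer would raise about this AAA configuration."""
    a = audit_aaa(config_text, level)
    notes = []
    if level not in a["levels_covered"]:
        notes.append(f"no 'aaa authorization commands {level} default' line")
    elif not a["tacacs_first"]:
        notes.append(f"level {level} commands are not authorized by 'group tacacs+' first")
    if not a["config_commands"]:
        notes.append("'aaa authorization config-commands' not present: "
                     "config-mode commands may not be sent for authorization")
    if a["if_authenticated_fallback"]:
        notes.append("'if-authenticated' fallback: if the TACACS+ server does not "
                     "respond, any authenticated user is authorized")
    return notes

if __name__ == "__main__":
    for note in findings(POSTED_CONFIG):
        print("-", note)
```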
