11-20-2017 11:44 AM - edited 02-21-2020 10:39 AM
I am having an issue allowing "do" show commands in the command set.
Specifically I want users to be able to issue:
"do show run interface *"
I cannot get the "do" portion to work. Would I have "do show" in the command portion? Or would I just have "do" in the command portion and "show run interface *" in the argument portion?
***Edit***
I found in ACS logs that ACS sees it come across as "do-exec" instead of just "do". Using that, I have "do-exec" in the command field and "sh* run" in the argument field. All good now!
Solved! Go to Solution.
11-20-2017 07:56 PM - edited 11-20-2017 07:58 PM
Solved.
ACS sees all "do " commands as "do-exec". By changing the command to "do-exec" and adding "sh* run" it fixed the issue.
11-20-2017 01:26 PM
Hi
Do command is present in IOS based device.If get error by trying to using if, probably have no support.
-If I helped you somehow, please, rate it as useful.-
11-20-2017 04:21 PM
That's an interesting observation. Not sure how ACS works but in ISE this is possible, since the command uses wildcards, and the arguments use regular expressions. I tested this in ISE 2.3
PASSED authorization examples:
sh runn
show ru
conf t
exit
do sh ru
do show clock
FAILED examples
do reload
show version
11-20-2017 07:56 PM - edited 11-20-2017 07:58 PM
Solved.
ACS sees all "do " commands as "do-exec". By changing the command to "do-exec" and adding "sh* run" it fixed the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide