cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

688
Views
5
Helpful
3
Replies
Highlighted
Beginner

ACS 5.x "do" commands in Command Set

I am having an issue allowing "do" show commands in the command set.

 

Specifically I want users to be able to issue:

 

"do show run interface *"

 

I cannot get the "do" portion to work.  Would I have "do show" in the command portion?  Or would I just have "do" in the command portion and "show run interface *" in the argument portion?

 

 

 

***Edit***

I found in ACS logs that ACS sees it come across as "do-exec" instead of just "do".  Using that, I have "do-exec" in the command field and "sh* run" in the argument field.  All good now!

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: ACS 5.x "do" commands in Command Set

Solved.

 

ACS sees all "do " commands as "do-exec".  By changing the command to "do-exec" and adding "sh* run" it fixed the issue.

View solution in original post

3 REPLIES 3
Highlighted

Re: ACS 5.x "do" commands in Command Set

Hi

Do command is present in IOS based device.If get error by trying to using if, probably have no support.

 

 

-If I helped you somehow, please, rate it as useful.-

Highlighted
VIP Advisor

Re: ACS 5.x "do" commands in Command Set

That's an interesting observation.  Not sure how ACS works but in ISE this is possible, since the command uses wildcards, and the arguments use regular expressions.  I tested this in ISE 2.3

 

ISE-TACACS-do.PNG

PASSED authorization examples:

sh runn

show ru

conf t

exit

do sh ru

do show clock

 

FAILED examples

do reload

show version

 

 

 

 

 

 

Highlighted
Beginner

Re: ACS 5.x "do" commands in Command Set

Solved.

 

ACS sees all "do " commands as "do-exec".  By changing the command to "do-exec" and adding "sh* run" it fixed the issue.

View solution in original post