cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

760
Views
0
Helpful
1
Replies
mvann
Beginner

ACS Command Set Examples

Hello all,

We have an ACS server that all of our network devices point back to. I'm trying to grant our support the ability to configure port-security on our switches. I've allowed them access to configure and access ports but I'm having a hard time getting ACS to permit them to remove a mac address. The command I'm trying to allow is the following.

"no switchport port-security mac-address sticky 000d.000e.000e"

Does somebody have an example of how to allow this command and permit the removal of any mac-address? Also, is there a repository of ACS command set examples around? I've done some searching but I haven't turned anything up.


Thanks

1 REPLY 1
Sam Hertica
Cisco Employee

Command set docs

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/pol_elem.html#wp1077595

I couldn't find any actual examples of it in use, which is some good food for thoughts for an external doc in the future.

But it should be pretty straight-forward, just have a command entry that's set for permit and the command being 'no switchport port-security mac-address sticky *'

The * would allow for any argument after sticky keyword.

If that doesn't work, what step of the process are you failing at? Can you get dropped into global config? Interface config?

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube