Hello !!!
I'm trying to use authorization on CatOS switches with TACACS+ and ACS 3.2.
Authentication and accounting work normally, but authorization is my problem.
I want to configure the switches (running CatOS) to permit and deny some commands via ACS (e.g. permit show conf, clear counters; deny show cdp neig and some set "argument" commands), but I am not getting the desired results. On the routers running IOS, I get success on AAA using the same group on ACS.
ACS is configured to use group settings, enable options checked to use max privileges for client (priv 15), TACACS+ settings using "shell (exec)" and some commands to permit and deny.
If I use the switch configuration (below), only configuration commands are denied and all show commands are permitted.
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication login tacacs enable http primary
set authentication enable tacacs enable telnet primary
...
set authorization exec enable tacacs+ none telnet
set authorization enable enable tacacs+ none telnet
set authorization commands enable config tacacs+ none telnet
Help me please !!!! Tks.