Cisco ACS command authorization sets

rod.blackie
Level 1

I need help on the following please.

1. I am using ACS as a TACACS server to control IOS authorization on all our switches. However, I cannot deny telnet sessions to other devices from within CatOS. Does anyone know the command authorization set to deny this within ACS?

2. Does anyone know where I can read up on command authorization sets for ACS?

3. What is the debug command for CatOS to see CLI output?

Many thanks

Rod

2 Replies

risgro
Level 1

For #1 - No idea on CatOS

For #2 - http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697557

(only a bit of pattern matching)

For #3 - you can look in the TACACS+ Administration file or Failed Attempts active.csv on your ACS to see what the AAA client is sending to the ACS for authorization.

Thanks for your info. I have solved my problem -

1. I enabled TACACS administration logging using this command on the switch: aaa authorization commands 15 default group tacacs+

This let me see what was happening every time I entered a command on CatOS, via the logging monitor on ACS. From here I was able to see that when I was trying to telnet to a device from CatOS, it was doing it in privilege mode 1. I then entered this command: aaa authorization commands 1 default group tacacs+ which solved my telnet problem.

Problem resolved.

Many thanks.
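The gap described in this thread (command authorization configured for level 15 only, so level 1 commands such as telnet never reach ACS) can be checked for in a saved configuration. The script below is an added example, not part of any post in the thread; the sample configuration is constructed, the function names are hypothetical, and it assumes the built-in tacacs+ server group and the default method list are in use.

```python
import re

# Constructed sample: the state described in the thread before the fix,
# with command authorization sent to TACACS+ for level 15 only.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+
"""

# The two privilege levels the thread deals with: 1 (where telnet ran) and 15.
REQUIRED_LEVELS = (1, 15)

# aaa authorization commands <level> <list-name> <method> [<method> ...]
LINE_RE = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")


def authorized_levels(config):
    """Map privilege level -> method lists whose first method is 'group tacacs+'."""
    levels = {}
    for raw in config.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # other lines, including 'no aaa authorization ...'
        level, list_name, methods = match.groups()
        # Only the first method is consulted while the server answers, so a
        # list that starts with 'none' or 'local' is not counted.
        if methods.split()[:2] == ["group", "tacacs+"]:
            levels.setdefault(int(level), []).append(list_name)
    return levels


def unauthorized_levels(config, required=REQUIRED_LEVELS):
    """Return the required levels that have no default TACACS+ command authorization."""
    levels = authorized_levels(config)
    return [lvl for lvl in required if "default" not in levels.get(lvl, [])]


if __name__ == "__main__":
    for lvl in unauthorized_levels(SAMPLE_CONFIG):
        print(f"privilege level {lvl}: commands are not sent to TACACS+ for authorization")
```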