cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

865
Views
0
Helpful
5
Replies
Highlighted
Beginner

Command Authentication within ACS 5.1

I have set up a new ACS 5.1 appliance and it seems to be going well.  I would like to be able to restrict access to the command SHOW CDP NEIGHBOR DETAIL to a specific group but continue to allow SHOW CDP NEIGHBOR.

I am able to either allow access to the SHOW CDP commands or deny them but am unable to get more granular with the command arguments.

Can anyone offer any suggestions?

Thanks for the assistance.

Paul Blake

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

this is my example which works fine

and the result

so it can be done

View solution in original post

5 REPLIES 5
Highlighted
Enthusiast

Can you post a screenshot of the command set definition?

Highlighted

this is my example which works fine

and the result

so it can be done

View solution in original post

Highlighted

That worked GREAT!!!  Thanks..  I think I was missing the final "s" when inputting the command into the ACS.  Show CDP Neighbor detail is different than show CDP neighbors detail.

Thanks again for you help.

Highlighted
Beginner

I have configured ACS 5.1 and im having issues with Commadn sets. Im trying to deny show cdp neighbors to some users. What priv level should they receive when they log in. I just cant get the command sets to deny any commands

Highlighted

I would do it in a different way.

create separate rule with additional condition of that separate user group and then as result assign them different command set.

I think its the easiest way

regards