Solved: Re: Command Authentication within ACS 5.1

p-blake · ‎08-03-2010

I have set up a new ACS 5.1 appliance and it seems to be going well. I would like to be able to restrict access to the command SHOW CDP NEIGHBOR DETAIL to a specific group but continue to allow SHOW CDP NEIGHBOR.

I am able to either allow access to the SHOW CDP commands or deny them but am unable to get more granular with the command arguments.

Can anyone offer any suggestions?

Thanks for the assistance.

Paul Blake

Przemyslaw Konitz · ‎08-10-2010

this is my example which works fine

and the result

so it can be done

View solution in original post

Javier Henderson · ‎08-06-2010

Can you post a screenshot of the command set definition?

Przemyslaw Konitz · ‎08-10-2010

this is my example which works fine

and the result

so it can be done

p-blake · ‎08-13-2010

That worked GREAT!!! Thanks.. I think I was missing the final "s" when inputting the command into the ACS. Show CDP Neighbor detail is different than show CDP neighbors detail.

Thanks again for you help.

Cisco SCC · ‎08-17-2010

I have configured ACS 5.1 and im having issues with Commadn sets. Im trying to deny show cdp neighbors to some users. What priv level should they receive when they log in. I just cant get the command sets to deny any commands

Przemyslaw Konitz · ‎08-17-2010

I would do it in a different way.

create separate rule with additional condition of that separate user group and then as result assign them different command set.

I think its the easiest way

regards