cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1091
Views
4
Helpful
6
Replies

Command Authorization in ACS

waridtel.com
Level 1
Level 1

Hi,

Can anybody tell me how can I permit only ping command to a group in ACS. What is the actual statement that I want to add in command authorization sets.

6 Replies 6

premdeep.banga
Level 1
Level 1

Hi,

Please refer the attachment for detail.

After you have gone through the attachment, Being specific to your question,

ping---------------(Check the check box for "Permit unmatched Args")

Regards,

Prem

Hi,

Thanks a lot.

Do rate if that helps.

;)

Regards,

Prem

Hi Prem,

Can you let me know how can i restrict a group from adding a route. I have the following configured on the ACS under shell authorization

configure ......permit terminal

interface ......permit fastethernet (permit Unmatched arg)

show............permit vlan

switchport......permit access &

permit vlan

With the above configuration iam still able to add a route to the config

Also i would like to know the wildcard to be used for enabling all the fastethernet or Ge ports

thanks in advance

Narayan

Narayan,

This command will help in restricting the route addition :-

aaa authorization config-commands

Command authorization does not apply to configuration mode automatically. So we need to enable it using the above command.

Hi Vivek,

I had the command in my configuration.

Actually i had missed the command

aaa authorization commands 15 default group tacacs+ local

Thanks

Narayan