Hello everyone,
I would like to use TACACS command authorization to allow our help desk personal to run specific show commands so that they are better able to support the network without having to always contact the network team with basic inquiries.
Currently, I have TACACS command authorization working for the help desk team and the network admin team. The Help Desk team is only allowed to run a few show commands while the network admin team is able to run any command.
Now the issue is that when we run scripts or input a large configuration into the switches using the network admin group the scripts take away too long to finish.
So basically I want to disable TACACS command authorization for only the network admin group, while still keeping it enable for the help desk group. When you think about it the network admin group is allowed to run all commands, so having TACACS command authorization enabled for this group does not provide any additional value.
NOTE: I would still want to keep accounting working for all commands input into the switches.
Is there any way to get this done?
Thank you in advance for your assistance.