cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1293
Views
5
Helpful
3
Replies

ISE Tacacs command set

DAVID
Level 3
Level 3

Can you have a permit command set to allow a help-desk user to shut/no shut a particular interface or a limited range of interfaces on a switch without giving them access to the entire conf t command.  What would the cmd and argument look like?

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

You need some elevated priv and restrict to commands

 

check below :

 

https://community.cisco.com/t5/network-access-control/ise-tacacs-command-set-for-all-interface-specific-subcommands/m-p/4141685

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Unfortunately that link to the document did not really give me an example that I could use.  I have a cisco switch configured for Tacacs with a list of allowed commands in the Tacacs command set for the help-desk.  Basic commands like show and etc.  I'd like for them to have a limited access to shut/no shut specific interfaces on switches or perhaps would the menu option on the switch be a better option so that when they accessed the switch they would be presented with a list of items to choose from?

Hi @DAVID ,

 please take a look at: ISE 2.3 Device Administration (TACACS+)., check from 04'00" till 05'50", try to add the:

configure terminal
interface FastEthernet0/0
shutdown
no shutdown

 

Hope this helps !!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: