Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1570
Views
5
Helpful
3
Replies

ISE Tacacs command set

DAVID
Level 3
Level 3

‎06-17-2021 11:03 AM

Can you have a permit command set to allow a help-desk user to shut/no shut a particular interface or a limited range of interfaces on a switch without giving them access to the entire conf t command.  What would the cmd and argument look like?

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎06-17-2021 01:30 PM

You need some elevated priv and restrict to commands

 

check below :

 

https://community.cisco.com/t5/network-access-control/ise-tacacs-command-set-for-all-interface-specific-subcommands/m-p/4141685

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

DAVID
Level 3
Level 3
In response to balaji.bandi

‎06-17-2021 02:08 PM

Unfortunately that link to the document did not really give me an example that I could use.  I have a cisco switch configured for Tacacs with a list of allowed commands in the Tacacs command set for the help-desk.  Basic commands like show and etc.  I'd like for them to have a limited access to shut/no shut specific interfaces on switches or perhaps would the menu option on the switch be a better option so that when they accessed the switch they would be presented with a list of items to choose from?

0 Helpful

Marcelo Morais
VIP
VIP

‎06-17-2021 03:24 PM

Hi @DAVID ,

 please take a look at: ISE 2.3 Device Administration (TACACS+)., check from 04'00" till 05'50", try to add the:

configure terminal
interface FastEthernet0/0
shutdown
no shutdown

 

Hope this helps !!!

Customers Also Viewed These Support Documents