
need to allow single command by command set

Hi,

I have ACS 5.1, and I have created a user with privilege 15. I need to allow a single command by command set.

I have configured a command set. In the command set settings I have unchecked "Permit any command that is not in the table below"

and added the command as below.

Grant      Command      Argument
Permit     clear        counters

It's allowing me to run clear counters.

The good thing is it's not allowing the show run and conf t commands.

And the problem is I can also run the reload command, and even show interface commands.

I just want to allow the clear counters command only. Am I missing anything? Please help.

2 REPLIES

Can you paste the show run | inc aaa? Also, can you post the results in the TACACS authentication report, which shows which command set the user is being mapped to? Please post a screenshot of the authorization profile. Then, finally, can you post a screenshot of the command set you configured?

Tarik Admani
*Please rate helpful posts*


Hi Tarik,

Sorry for the late reply.

Below is the AAA configuration I have done:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

There is a default configuration in the authorization profile; I haven't changed anything there.

I have attached the command set snap, please find it.