
Prevent executing commands

vos123
Level 1

We have a TACACS+ 3.2 server running on Windows.

What do I need to prevent users from executing commands like 'reload' and 'sh ip route' at the enable level, and commands in config mode ('no ip router bgp')?

I'm looking for examples of configs on the router.

But most of all, how do I configure the TACACS+ server?

Greetings

Jeroen

1 Reply

cdwyer
Level 1

You will need to create a Shell Command Authorization Set. That is located under Shared Profile Components / Shell Command Authorization Sets. After you create a Shell Command Authorization Set, you need to apply it to the group that the user is a member of. On the router, you need to make sure it checks with the ACS server for every command entered. That is done with the command:

aaa authorization commands 15 default group tacacs+ none
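
A fuller router-side configuration for the setup described in the reply above, as an added example that is not part of the original thread. The server address and shared secret are placeholders, and the set of privilege levels covered is an assumption based on the commands named in the question.

```cisco
! Added example (classic IOS AAA syntax). 192.0.2.10 and <shared-secret>
! are placeholders, not values from the thread.
aaa new-model
!
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! Authenticate logins against TACACS+, falling back to local accounts
! if the server cannot be reached.
aaa authentication login default group tacacs+ local
!
! Let the server decide whether a shell may be started and at which level.
aaa authorization exec default group tacacs+ local
!
! Command authorization is configured per privilege level.
! 'show ip route' is a level 1 command by default, while 'reload' and
! 'configure terminal' are level 15, so both levels are listed here.
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
!
! Explicitly send commands typed in configuration mode (for example
! 'no router bgp <asn>') to the server for authorization as well.
aaa authorization config-commands
!
! Caveat on the trailing 'none' method: it is only tried when the
! TACACS+ servers return an error or do not answer, and it authorizes
! the command without any check. Replacing 'none' with 'local' keeps
! command authorization enforced from the local user database instead.
```

With this in place, the permit and deny decisions for 'reload', 'show ip route' and the configuration commands are made entirely by the Shell Command Authorization Set assigned to the user's group on the ACS server.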