Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
0
Helpful
1
Replies

Read only , and read write authorization from acs/juniper radius

mirehteshamali
Level 1
Level 1

‎04-09-2012 01:36 AM - edited ‎03-10-2019 06:59 PM

Hi all,

we have a large detabase of cisco routers and swithches , we want to have a radius authentication and athorizaion level set to read only and (rd , rw) for certain users.

ie for company employees read write access and for outside auditors/consultants read only access .

how do i do it with Radius on ACS and juniper/radius  .

Any links for cisco routers config will be highly appreciated.

Labels:
0 Helpful
1 Reply 1

Eduardo Aliaga
Level 4
Level 4

‎04-09-2012 09:04 AM

I would recommend to use TACACS+ instead of RADIUS.

Depending on your network device, in ACS you can use "command authorization sets" (when using traditional IOS) or "shell profiles" (when using Cisco IOS XE, IOS XR, Cisco ACE, Juniper JunOS, etc).

For read only you can deny the "config terminal" command. For read write you can allow the "config terminal" command.

Here's an example of allowing/denying commands by using "command authorization sets".

PLease rate if it helps. Kind regards.

0 Helpful
Customers Also Viewed These Support Documents