cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
604
Views
0
Helpful
1
Replies

restrict aaa access using command authorization windows acs3.6

lstrauch
Level 1
Level 1

i need to enable aaa users to shut and unshut interfaces but nothing else. i already have all the users and groups setup but when i modify the command auth set to include "configure" "permit term" they are given unrestricted access.

any help appreciated

1 Reply 1

gfullage
Cisco Employee
Cisco Employee

On the router there's a:

aaa authorization config-commands

command, make sure you have that in. You then have to set up command authorization on the TACACS server to allow "interface permit any", "shutdown" and "no shutdown" commands.