07-10-2013 05:22 AM - edited 03-10-2019 08:38 PM
Hello,
I am running ACS 5.4.0.46.4. I am creating command sets to restrict access for a certain group of users. Is there any way to restrict them from accessing a specific interface (Gi1/1/1 for instance)? I tried putting a "deny interface GigabitEthernet1/1/1" into the command set rules, but I am still able to access that interface.
07-10-2013 05:34 AM
Please post a screenshot of the command set that you have created on ACS under policy elements.
From the end network device, get the following o/p
-debug tacacs
-debug aaa authen
-debug aaa author
-show run | in aaa
From ACS 5.4 > monitoring and logging > tacacs authorization > find the user's failed attempt > click on the magnifying glass in front of it and attach a screenshot of that page.
~BR
Jatin Katyal
**Do rate helpful posts**
07-10-2013 05:56 AM
Actually I figured it out. I left out the space between the interface type (Gi) and number (1/1/1) in the argument.
07-10-2013 06:01 AM
Alright, that's good news.
Here is a link to configure command authorization on ACS 5. You may want to bookmark it.
http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bc8514.shtml#ade
~BR
Jatin Katyal
**Do rate helpful posts**