TACACS authentication

ahmad-sajjad
Level 1

I have configured TACACS and I am able to log on to Cisco devices successfully using a TACACS user ID and password. I need to create another group and assign users to the new group just to run the SHOW RUNNING-CONFIG command only.

Any idea?

Regards

3 Replies

cisco24x7
Level 6

You need authorization for that. In freeware TACACS, you need something like this:

    user = adv {
        member = advanced
        name = "Advanced User"
        # login = des DJVS9kfrcLbus
    }

    user = $adv$ {
        member = advanced
        name = "Advanced User"
        # login = des W/3UA7J1cz3sQ
    }

    group = advanced {
        cmd = show { permit .* }
        cmd = copy { permit flash }
        cmd = copy { permit running }
        cmd = ping { permit .* }
        cmd = configure { permit .* }
        cmd = enable { permit .* }
        cmd = disable { permit .* }
        cmd = telnet { permit .* }
        cmd = disconnect { permit .* }
        cmd = where { permit .* }
        cmd = set { permit .* }
        cmd = clear { permit line }
        cmd = exit { permit .* }
    }

Easy, right?
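
The permit/deny logic behind the group in the reply above, as an added example that is not part of the original thread: it parses the posted `cmd` rules and a hypothetical narrower group (`SHOWRUN_GROUP`, an assumption) and checks a constructed list of commands against each. The evaluation model (first matching regex on the arguments decides, everything else is denied, repeated `cmd` blocks are merged) is a simplification for illustration, not the TACACS+ daemon's own code.

```python
import re

# Body of the "advanced" group as posted in the reply above.
POSTED_GROUP = """
cmd = show { permit .* }
cmd = copy { permit flash }
cmd = copy { permit running }
cmd = ping { permit .* }
cmd = configure { permit .* }
cmd = enable { permit .* }
cmd = disable { permit .* }
cmd = telnet { permit .* }
cmd = disconnect { permit .* }
cmd = where { permit .* }
cmd = set { permit .* }
cmd = clear { permit line }
cmd = exit { permit .* }
"""
# Hypothetical narrower group for the requirement in the question.
SHOWRUN_GROUP = """
cmd = show {
    permit ^running-config$
    deny .*
}
cmd = exit { permit .* }
"""
BLOCK = re.compile(r"cmd\s*=\s*(\S+)\s*\{([^}]*)\}")
RULE = re.compile(r"(permit|deny)\s+(\S+)")

def parse_group(text):
    """Return {command: [(action, regex), ...]}; repeated blocks are merged."""
    rules = {}
    for cmd, body in BLOCK.findall(text):
        rules.setdefault(cmd, []).extend(RULE.findall(body))
    return rules

def authorize(rules, command_line):
    # Simplified model (assumption): first regex matching the args decides, else deny.
    cmd, _, args = command_line.strip().partition(" ")
    for action, pattern in rules.get(cmd, []):
        if re.search(pattern, args):
            return action == "permit"
    return False

def permitted(text, commands):
    return [c for c in commands if authorize(parse_group(text), c)]

# Constructed sample of fully expanded command lines (no trailing <cr>).
SAMPLE = ["show running-config", "show version", "configure terminal",
          "copy running-config tftp:", "reload"]
```

Against the sample, the posted group permits everything except `reload`, while the narrower group permits only `show running-config`. The rules are only consulted if the device is configured to send command authorization requests to the TACACS+ server.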

Thanks for the reply. I am using Cisco ACS 4.2. Any other suggestion?

Regards

Sajjad

Hi,

Use the Cisco link below. It will help you to meet your requirement.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Rate me if it helps you.