Does anyone know if it's possible to get command authorzation working with Cisco Small Business Switches (SG350 & SG500)?
It works fine with Catalyst switches using command sets in ISE and config like the below on the switches:
aaa authorization commands 15 VTY_authorization group ISE_TACACS none
However, on the SG switches, there is no option for "aaa authorization".
I know I can use TACACS profiles to allow admins to have level 15 access and read-only users to only have level 1 access but I was hoping individual command authorization might work on these.
I suspect the answer is that it can't be done but does anyone know for absolutely sure?
Many thanks in advance,
Solved! Go to Solution.
Thank you for your response Balaji.
I am able to do this on a Catalyst switch with no issues at all.
The problem here is that the NADs are small business 'SG' switches which don't seem to support command authorization.
Do you know for sure that they do? Do you have a link or any sample config?
Unfortunatly i do not any SMB Switches to test, i go with documentaion here : ( may be that is limitation enterprise vs SMB switches).
as per the admin guide check : check page 332