01-20-2022 02:24 AM
Hi all,
Does anyone know if it's possible to get command authorization working with Cisco Small Business Switches (SG350 & SG500)?
It works fine with Catalyst switches using command sets in ISE and config like the below on the switches:
aaa authorization commands 15 VTY_authorization group ISE_TACACS none
However, on the SG switches, there is no option for "aaa authorization".
I know I can use TACACS profiles to allow admins to have level 15 access and read-only users to only have level 1 access but I was hoping individual command authorization might work on these.
I suspect the answer is that it can't be done but does anyone know for absolutely sure?
Many thanks in advance,
Matt.
01-20-2022 03:05 AM
You need to give access to Priv 15 and limit the user to only the commands they are authorised to use on that device.
This needs to be done on the RADIUS/TACACS side (in your case ISE).
01-20-2022 03:12 AM
Thank you for your response Balaji.
I am able to do this on a Catalyst switch with no issues at all.
The problem here is that the NADs are small business 'SG' switches which don't seem to support command authorization.
Do you know for sure that they do? Do you have a link or any sample config?
Thank you,
Matt.
01-20-2022 03:48 AM
Unfortunately I do not have any SMB switches to test; I go with the documentation here: (maybe that is a limitation of enterprise vs SMB switches).
As per the admin guide, check page 332.
01-20-2022 11:40 AM
Thanks again @balaji.bandi. I too read the guide but it's not 100% clear.
I'm with you in that I believe this is a limitation of a Cisco small business switch rather than a full Enterprise level switch.
Cheers,
Matt.