ā01-20-2022 02:24 AM
Hi all,
Does anyone know if it's possible to get command authorzation working with Cisco Small Business Switches (SG350 & SG500)?
It works fine with Catalyst switches using command sets in ISE and config like the below on the switches:
aaa authorization commands 15 VTY_authorization group ISE_TACACS none
However, on the SG switches, there is no option for "aaa authorization".
I know I can use TACACS profiles to allow admins to have level 15 access and read-only users to only have level 1 access but I was hoping individual command authorization might work on these.
I suspect the answer is that it can't be done but does anyone know for absolutely sure?
Many thanks in advance,
Matt.
Solved! Go to Solution.
ā01-20-2022 11:40 AM
Thanks again @balaji.bandi. I too read the guide but it's not 100% clear.
I'm with you in that I believe this is a limitation of a Cisco small business switch rather than a full Enterprise level switch.
Cheers,
Matt.
ā01-20-2022 03:05 AM
You need to give access to Priv 15 and Limit the user to what command can only Authorised to use on that device.
This need to be done on Radius/TACACS side (in your case ISE)
ā01-20-2022 03:12 AM
Thank you for your response Balaji.
I am able to do this on a Catalyst switch with no issues at all.
The problem here is that the NADs are small business 'SG' switches which don't seem to support command authorization.
Do you know for sure that they do? Do you have a link or any sample config?
Thank you,
Matt.
ā01-20-2022 03:48 AM
Unfortunatly i do not any SMB Switches to test, i go with documentaion here : ( may be that is limitation enterprise vs SMB switches).
as per the admin guide check : check page 332
ā01-20-2022 11:40 AM
Thanks again @balaji.bandi. I too read the guide but it's not 100% clear.
I'm with you in that I believe this is a limitation of a Cisco small business switch rather than a full Enterprise level switch.
Cheers,
Matt.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide