Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
782
Views
0
Helpful
3
Replies

Tacacs command set cisco ise

Ramzan
Level 1
Level 1

‎06-13-2022 12:36 PM

Dear genius.

 

i am trying to restrict shutdown command under fastethernet interfaces of switch but want to allow shutdown command under gig interfaces. How will i achieve this?

is this possible or not?

 

please tell me Grant, Command and arguments for my query.

 

 

0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎06-13-2022 02:10 PM

https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113590-acs5-tacacs-config.html

 

I am new in AAA but I read before that TACACS can do control the commend available for each user.
please see link.
hope this help you

0 Helpful

Ramzan
Level 1
Level 1
In response to MHM Cisco World

‎06-13-2022 10:47 PM

Dear MHM, 

 

i am not asking how to control AD user access using ISE. The link which you shared i know thag thing. My question was how to provide a user deny and permit access for doing shutdown at same time under different interfaces of switch.

please read my question again.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎06-14-2022 02:22 AM

This is required more of testing tweaking of shell profile : @MHM Cisco World concept suggested was on ACS. but ISE  side also work as same.

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html

 

Watch this video get more idea, how you can do shell authorisation customisation.

 

https://www.youtube.com/watch?v=DlzALGHZ0o4

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents