Solved: Tacacs+

abuhwra · ‎02-12-2019

hello,

I need some help please,

I configured tacacs+ in a clearbox and I configured one cisco switch testing. I have created some users and all of them can login to the switch.The problem is that all of them can access to configuration terminal which is privilege 15 but I need some of them to do show commands only !!

my regads

Salim

Damien Miller · ‎02-12-2019

I have no experience with Clearbox, and this would probably be a better question for their support team/forums.

As an example, to do this with Cisco ACS or ISE you create an authorization rule that provides a limited command set and shell profile. You typically identify and match on the users AD group or local account group membership in combination with the device types/locations.

You then create a second authorization rule for the same devices providing rear/write access with it's own associated command set and shell profile.

You need to figure out how Clearbox implements authorization rules, command sets, and shell profiles.

View solution in original post

Damien Miller · ‎02-12-2019

I have no experience with Clearbox, and this would probably be a better question for their support team/forums.

As an example, to do this with Cisco ACS or ISE you create an authorization rule that provides a limited command set and shell profile. You typically identify and match on the users AD group or local account group membership in combination with the device types/locations.

You then create a second authorization rule for the same devices providing rear/write access with it's own associated command set and shell profile.

You need to figure out how Clearbox implements authorization rules, command sets, and shell profiles.