Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1935
Views
0
Helpful
10
Replies

TACACS

naqibsafi
Level 1
Level 1

‎05-31-2022 03:10 AM

hi everyone 

i configure AAA all command deny and permit working will but the specific interface not be deny 

 

Preview file
24 KB
Preview file
24 KB
Preview file
32 KB
0 Helpful
10 Replies 10

marce1000
VIP
VIP

‎05-31-2022 03:30 AM

 

              - On which platform(/model) are you trying this ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

naqibsafi
Level 1
Level 1
In response to marce1000

‎05-31-2022 09:53 PM

i use ISE 3.1

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎05-31-2022 03:32 AM

That should work, what ISE version, waht Device is this :

 

check other example as below :

How do you create TACACS+ policies that can be applied to the Network device?

 

https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-device-admin-policy-sets

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

naqibsafi
Level 1
Level 1
In response to balaji.bandi

‎05-31-2022 09:53 PM

i use ISE version 3.1

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎06-01-2022 08:13 PM

The argument for the interface should replace / with a space character and G should be in capital, like this:

 

GigabitEthernet 1 0 1

 

0 Helpful

naqibsafi
Level 1
Level 1
In response to hslai

‎06-01-2022 10:58 PM

I try that command also but not work 

Preview file
46 KB
0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to naqibsafi

‎06-02-2022 09:21 AM

Check the T+ livelog or reports and see how the command is coming in as. You may also try capturing the packets and then AskF5: K40341514: How to decrypt the encrypted portion of TACACS+ traffic.

0 Helpful

naqibsafi
Level 1
Level 1
In response to hslai

‎06-04-2022 12:06 AM

T+ live log

Preview file
134 KB
0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to naqibsafi

‎06-05-2022 03:57 PM

Try 

GigabitEthernet 1\/0\/1

 

marce1000 asked you earlier

> On which platform(/model) are you trying this ?

 

I tried it in one of our lab pods with a Cisco Catalyst 3650 on IOS-XE 3.6.10E and ISE able to reject a command as expected.

I used two command sets when the user logged-in:

1) helpDeskCmds

Screen Shot 2022-06-05 at 15.50.47.png

2) iosSecCmds

Screen Shot 2022-06-05 at 15.52.22.png

When the user issued a command like "interface g1/0/2" and the authZ failed.

3k-access#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
3k-access(config)#interface g1/0/2
Command authorization failed.

The switch I tested sent the command as "interface GigabitEthernet 1 0 2"

 

0 Helpful

naqibsafi
Level 1
Level 1
In response to hslai

‎06-08-2022 12:43 AM

i try that command in switch 3850 and 3750 

Preview file
7 KB
Preview file
4 KB
Preview file
90 KB
0 Helpful
Customers Also Viewed These Support Documents