Solved: Trying to block "configure terminal" on the ACS 5.3

milton oliveira vieira · ‎02-05-2016

Hi friends!

I'm trying to block users to use the command "configure terminal" using the ACS 5.3, but so far it's not working properly.

On the same Command-Set, if I put any other command (like reload, telnet) and choose Deny, it works fine, but to block the user to enter in configuration mode I'm not able to block yet.

I really appreciate if someone here can help me or if already have passed for this situation.

Thank you!

MOV

Jatin Katyal · ‎02-09-2016

On the ACS, please use "Deny Configure" and leave the field argument blank. Delete other similar command sets.

On the IOS side, make sure you have

aaa authorization config-commands

~Jatin

View solution in original post

Jatin Katyal · ‎02-10-2016

Yw & you've a great day too.

~ Jatin

~Jatin

View solution in original post

Jatin Katyal · ‎02-09-2016

On the ACS, please use "Deny Configure" and leave the field argument blank. Delete other similar command sets.

On the IOS side, make sure you have

aaa authorization config-commands

~Jatin

milton oliveira vieira · ‎02-10-2016

Hi Jatin Katyal!!

I did the test and it is working perfect!!

Really the debug, I could see that router sends the command "configure" when I type "conf, conf t or config", but how I had these parameters inside de command set, I thought it could work.

I really appreciate your help and I hope you've a great day!!

Jatin Katyal · ‎02-10-2016

Yw & you've a great day too.

~ Jatin

~Jatin

ashrafhelal3350 · ‎06-15-2020

Hi all
i have the same issue but with ISE 2.6 and with above command.
can anyone know how to do that on the ISE?