Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
1
Replies

Using NAR's to restict access to commands

dsc
Level 1
Level 1

‎12-08-2005 01:42 PM - last edited on ‎03-25-2019 05:23 PM by Community Manager

I have the following aaa commands on my devices

aaa new-model

aaa authentication login default group tacacs+ line

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

NOw I created a NAR to restrict (or permit) certain show commands. I have also created a separate grp. that has this NAR in it's settings.

But I notice that it does not stop any of the other commands (that I have specifically denied ) or even the unmatched arguments (box not checked)

So my question is, are my aaa commands on my device overriding these NAR's?

I tried it without the "if-authenticated" for the authorization lines but that did not help.

Any help will be greatly appreciated.

Thanks,

Labels:
0 Helpful
1 Reply 1

Not applicable

‎12-14-2005 12:10 PM

I think it is essential to configure if-authenticated command for proper working of TACACS.

0 Helpful
Customers Also Viewed These Support Documents