Want to enable command running-config for read only users

Hello Everyone,

I would like to enable show running-configuration or show configuration for read-only users through ISE.

I am new to ISE, please help me with this.

We have two privileges in ISE: one is full access and the other is read-only. Read-only users are unable to see the running config. We need to enable this specific command. How can I do this for Cisco switches?

By the way, we are a multi-vendor network. We want to enable the display current-configuration command for HP switches as well.

Please help me with the ISE config or any commands that need to be configured on the switches. Thanks!

Regards,

Chandhuru

Thanks and regards, Chandhuru.M
Accepted Solutions

Rich R
VIP

http://www.labminutes.com/sec0206_ise_20_tacacs_device_admin_command_authorization_1

https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-configuration-examples-list.html

https://community.cisco.com/t5/network-access-control/command-authorization-by-ise/td-p/3577202

 

5 Replies

balaji.bandi
Hall of Fame

show run is a bit tricky to achieve with read-only; it requires higher privileges.

The easy way to achieve this, I suggest, is a user with priv 15, locked to only the show run command (or any other command you like, but not config t).

https://bluenetsec.com/priv-level-15-with-cisco-ise/

BB


Thanks Balaji!

It is working for Cisco devices.

As for HP switches, if we set the privilege to 15, it doesn't check the command sets. Do you have any idea about that?

Thanks and regards, Chandhuru.M

Chandhuru sekaran marimuthu, this thread is a dup of your other discussion, "Want to enable command running-config for read only users".

Please read the response from the other thread.

The example from Privilege Level 15 with Cisco ISE | Blue Network Security (bluenetsec.com) is using RADIUS and the command sets are for T+ only. Device administration is very specific to the network devices. Please consult with the admin guides or other info on the particular HP switches for available options and how to implement them.
