
Wildcard mask in Shell Command Authorization Set?

ccoutts
Level 1

Under Shared Profile Components/Shell Command Authorization Sets in ACS, is it possible to enter a wildcard for further arguments?

For example, say you want to permit show cam [+ all arguments], is it possible to configure show, then 'permit cam *' as the argument?

Thanks

2 Replies

gfullage
Cisco Employee

Sure. Just tested this on my ACS 3.2 server with the following config:

AAA client:

aaa new-model

aaa authentication login default tacacs

aaa authorization commands 1 default group tacacs

ACS Shell Command Set:

Unmatched Commands = Deny

Command = show

Permit unmatched args = no

args = permit ip *

This then allows me to do "sho ip int brief" and "sho ip http server all" to name a couple, but doesn't allow me to do "sho ver".

Hope that helps.
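
A simplified model of how the command set in the answer above reaches its decisions, added here as an example; it is not ACS code and not from either poster. It assumes glob-style matching of `*` over the space-joined arguments, first-match-wins rule order, and that the device sends the command already expanded to full keywords; `COMMAND_SET`, `authorize` and `audit` are hypothetical names.

```python
from fnmatch import fnmatchcase

# Constructed policy mirroring the command set in the answer above.
COMMAND_SET = {
    "unmatched_commands": "deny",          # Unmatched Commands = Deny
    "commands": {
        "show": {
            "permit_unmatched_args": False,  # Permit unmatched args = no
            "args": [("permit", "ip *")],    # args = permit ip *
        },
    },
}


def authorize(command_line, command_set=COMMAND_SET):
    """Return 'permit' or 'deny' for a fully expanded command line."""
    words = command_line.split()
    if not words:
        return "deny"
    command, args = words[0], " ".join(words[1:])
    entry = command_set["commands"].get(command)
    if entry is None:
        # Command not listed at all: the set-wide default applies.
        return command_set["unmatched_commands"]
    for action, pattern in entry["args"]:
        # First matching argument rule wins (assumed ordering semantics).
        if fnmatchcase(args, pattern):
            return action
    # No argument rule matched: the per-command default applies.
    return "permit" if entry["permit_unmatched_args"] else "deny"


def audit(command_lines, command_set=COMMAND_SET):
    """Map each command line to its decision, for reviewing a policy."""
    return {line: authorize(line, command_set) for line in command_lines}


if __name__ == "__main__":
    # Constructed sample input: commands in expanded form (assumption).
    sample = [
        "show ip interface brief",
        "show ip http server all",
        "show version",
        "configure terminal",
    ]
    for line, decision in audit(sample).items():
        print(f"{decision:6} {line}")
```

Running a list of commands a role needs, plus ones it must not have, through a model like this before saving the set is a quick way to confirm that the wildcard does not permit more than intended.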

Thanks very much.

Best regards,

Charles