Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2381
Views
0
Helpful
4
Replies

Command authorisation set on SecureACS

kkeen
Community Member

‎07-20-2005 09:27 PM

Guys, I'm hoping you can assist. I've defined a group for some level 2 engineers within ACS, however I want to be able to grant access for these guys to 'create' sub interfaces and have full control over those, but I do not want them to have control over the Physical interface (ie, disable shutdown and encapsulation commands as to not bring down the sub interfaces)

Does anyone have a idea how this can be achieved?

I added a deny interface e0/0

then added permit interface, however this did not work

Ideas?

Thanks in advance!

Labels:
0 Helpful
4 Replies 4

b.hsu
Level 11
Level 11

‎07-26-2005 11:14 AM

I think this cannot be achieved using command authorisation, you need to have physical control over the boxes for this.

0 Helpful

kkeen
Community Member
In response to b.hsu

‎07-26-2005 02:32 PM

Damn - does anyone else have any input? I'd really like to achieve this if possible

0 Helpful

472189
Community Member

‎07-27-2005 12:35 PM

Do you have config command autorization configured on the device??

0 Helpful

kkeen
Community Member
In response to 472189

‎07-27-2005 02:21 PM

Indeed I do because I am using ACS to control access to various commands - its just I want to extend this control to limit physical interfaces only, not logical

0 Helpful
Customers Also Viewed These Support Documents