cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1026
Views
0
Helpful
1
Replies

permitting specified commands only

sivakondalarao
Level 1
Level 1

Hi,

We have TACACS enabled in our routers. I wanted to restrict user access to only particular commands. I am providing those commands below.

Router#term len 0

Router#sh clock

Router#sh ip int br

Router#sh env all

Router#sh int s0/0

Router#sh int s0/1

Router#ping 10.30.250.137

Router#conf t

Router(config)#int se0/0

Router(config-if)#no backup int br0/0

Router#exit

Router#isdn call int bri 0/0 22861600

Router#sh isdn a

Router#sh isdn status

Router(config)#int se0/0

Router(config-if)#backup int bri0/0

Router#sh int bri0/0

Router#sh run

Nothing more than these commands should be allowed for configuration. Can someone advice me for required configuration in Router as well as cisco ACS.

Regards

SKRAO

1 Reply 1

ganangia
Level 1
Level 1

login to the cisco ACS, and under the Shared Profile Components, please select "Shell Command Authorization Sets". Create one and apply it to the user.