Solved: ACS 5.x "do" commands in Command Set

MICHAEL BURNS · ‎11-20-2017

I am having an issue allowing "do" show commands in the command set.

Specifically I want users to be able to issue:

"do show run interface *"

I cannot get the "do" portion to work. Would I have "do show" in the command portion? Or would I just have "do" in the command portion and "show run interface *" in the argument portion?

***Edit***

I found in ACS logs that ACS sees it come across as "do-exec" instead of just "do". Using that, I have "do-exec" in the command field and "sh* run" in the argument field. All good now!

MICHAEL BURNS · ‎11-20-2017

Solved.

ACS sees all "do " commands as "do-exec". By changing the command to "do-exec" and adding "sh* run" it fixed the issue.

View solution in original post

Flavio Miranda · ‎11-20-2017

Hi

Do command is present in IOS based device.If get error by trying to using if, probably have no support.

-If I helped you somehow, please, rate it as useful.-

Arne Bier · ‎11-20-2017

That's an interesting observation. Not sure how ACS works but in ISE this is possible, since the command uses wildcards, and the arguments use regular expressions. I tested this in ISE 2.3

PASSED authorization examples:

sh runn

show ru

conf t

exit

do sh ru

do show clock

FAILED examples

do reload

show version

MICHAEL BURNS · ‎11-20-2017

Solved.

ACS sees all "do " commands as "do-exec". By changing the command to "do-exec" and adding "sh* run" it fixed the issue.