Hi everyone there,
I am not new to the ACS business, but this is the first time I am about to configure ACS 5.3 to restrict a user group from running some commands in "configure mode" while permitting them some other commands. As an example, I want to deny them "reload" but give them access to configure "time-range". What happens is that they are denied access to "reload" in exec mode, but once they go into "configure" mode, they are able to "do reload".
I mean to say, is it possible to manage the commands subsequent to "configure terminal"?
Like Jagdeep replied above, if you use that command on the IOS device (switch or router) then once you are on privileged mode you'll have all commands permitted.
You have to configure the ACS however to restrict access to the reload command for users in the enable mode.
This example will help you if you don't have an idea about the configuration already:
Rating useful replies is more useful than saying "Thank you"
Thanks Jagdeep, yes I am applying the commands to an IOS device. I have added your magic aaa authorization config-command to IOS device aaa policy and tested it, looks great. Thank you very much.
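The device-side setting discussed in this thread, shown in context as an added example (not taken from any of the posts). It assumes the ACS is already defined on the device as a TACACS+ server and that the users work at privilege levels 1 and 15:

```cisco
! Added example; assumes the ACS is already reachable as a TACACS+ server
aaa new-model
!
! Send exec-mode commands at levels 1 and 15 to the ACS for authorization;
! "local" is used only if the ACS does not respond
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Also send commands entered in configuration mode to the ACS.
! Without this line, only exec-mode commands are checked.
aaa authorization config-commands
```

With this in place, the ACS command set assigned to the group decides which commands are allowed, so the "reload" deny and the "time-range" permit are both configured on the ACS side.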