11-01-2019 09:58 AM - edited 02-21-2020 11:11 AM
Current Scenario-
Network engineer have TACACS (r/w) access so there is possibility authorized engineer can do not schedule or without record change , which can cause outage .
Since engineer have authorized to do make change they do changes and unfortunately brings outages.
Need help on -
What if Engineer’s TACACS write access enabled only in change window ?
Is it possible ? we are using snow ticketing solution and there is stages of change record like New->schedule->implement.
As per change window timing TACACS will be in write mode else always in read mode.
So any change owner whose change comes in Implement stage can do the change because at that time only write access would enable.
Can anyone please suggest if it is possible in traditional way of ACS configuration ?
we are not using ISE Solution as of now.
Solved! Go to Solution.
11-06-2019 08:58 PM
Similar to ISE, ACS 5.8 appears also have Date and Time Conditions. In case the maintenance windows are always on specific days and hours (e.g. Sunday 12:01 midnight to 06:00 AM), it's not so bad to use date/time conditions. And, you may combine it by user group memberships, which might possibly be updated via API.
11-02-2019 09:01 PM
11-03-2019 12:04 AM
11-04-2019 08:06 PM
11-06-2019 08:58 PM
Similar to ISE, ACS 5.8 appears also have Date and Time Conditions. In case the maintenance windows are always on specific days and hours (e.g. Sunday 12:01 midnight to 06:00 AM), it's not so bad to use date/time conditions. And, you may combine it by user group memberships, which might possibly be updated via API.
11-09-2019 05:11 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide