Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
989
Views
0
Helpful
1
Replies

Configure authorization on tac_plus (Tacacs+)

ratha chum
Level 1
Level 1

‎04-29-2020 07:32 PM

group = netsupport {
default service = deny
acl = default
service = exec {
priv-lvl = 0
}
cmd = enable {
permit .*
}
cmd = show {
permit .*
}
cmd = exit {
permit .*
}
cmd = configure {
permit .*
}
cmd = interface {
permit Ethernet.*
permit FastEthernet.*
permit GigabitEthernet.*
}
cmd = switchport {
permit "access vlan.*"
permit "voice vlan.*"
permit "trunk allowed vlan.*"
}
cmd = description {
permit .*
}

cmd = no {
permit shutdown
}
}

 

above are permission I want to assign to support team to change configure on switch.

 

The problem is that when I allow them to use configure terminal command.

cmd = configure {
permit .*
}

Then they can do any thing on interface such as shutdwon interface, change mode on interface etc... and bellow permission is not effect.

cmd = switchport {
permit "access vlan.*"
permit "voice vlan.*"
permit "trunk allowed vlan.*"
}

as I want then can change VLAN only. I don't want to change port mode to access or trunk or shutdown vlan.

 

any help will be appreciate.

 

Thanks and regards,

Ratha

0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎04-29-2020 07:55 PM

Hi

Can you try changing the service level to 15 instead of 0?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card