Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
167
Views
5
Helpful
1
Replies

Privilege access through ACS AD accounts

jhager001
Beginner
Beginner

‎08-26-2015 04:20 PM - edited ‎03-08-2019 01:32 AM

I know how to put limitations on privilege levels on the network devices themselves. But we have a Cisco ACS that is integrated with AD for access. I haven't ventured too deep into AD yet, but i'm wondering if there is a simple way I can give my helpdesk access to run base level commands for example, show commands, and shut/no shut ports to recover from err-disable state. 

 

 

Labels:
0 Helpful
1 Reply 1

Andre Neethling
Enthusiast
Enthusiast

‎08-27-2015 10:54 PM

You can try the following:

Assign the show commands and Config commands to a privilege level.

Create an AD group for your Helpdesk staff

Assign the configured privilege level (eg Privilege 5) to the AD group with your TACACS

They should then only have access via TACACS to those commands specified.

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents