cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
377
Views
5
Helpful
1
Replies

Privilege access through ACS AD accounts

jhager001
Level 1
Level 1

I know how to put limitations on privilege levels on the network devices themselves. But we have a Cisco ACS that is integrated with AD for access. I haven't ventured too deep into AD yet, but i'm wondering if there is a simple way I can give my helpdesk access to run base level commands for example, show commands, and shut/no shut ports to recover from err-disable state. 

 

 

1 Reply 1

Andre Neethling
Level 4
Level 4

You can try the following:

Assign the show commands and Config commands to a privilege level.

Create an AD group for your Helpdesk staff

Assign the configured privilege level (eg Privilege 5) to the AD group with your TACACS

They should then only have access via TACACS to those commands specified.

HTH