Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
547
Views
0
Helpful
0
Replies

TACACS authorization commands

tedauction
Level 1
Level 1

‎05-26-2018 03:48 PM - edited ‎03-08-2019 03:09 PM

Hello, I have TACACS configured to authorize commands. However I notice that not all commands are being sent to the TACACS server for authorization.

What is the rule that governs whether a CLI command is sent to TACACS for authorization?

Does IoS only send certain commands to TACACS for authorization ?

As an example, I notice that the following two command do not get sent to TACACS however most other show commands do.

show class-map
show policy-map

 

Here is my TACACS configuration:

aaa new-model

aaa authorization console

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+

enable aaa authorization exec default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

ip tacacs source-interface Vlanx

tacacs-server host 10.21.250.212

tacacs-server timeout 10

tacacs-server key <xxx

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents