Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I want to restrict some users to "show running-config" command. I have created a Shell Command Authorization Set with "show" command "permit running-config". Under the TACACS+ setting the Shell (exec) is selected and Privilege level with a value of ...
I'm using:CiscoSecure ACS v3.0 for Windows 2000/NTRelease 3.0(1) Build 32My network routers and switches are from multiple vendors, Cisco, Extreme, and HP. Some of the equipment supports radius, some Tacacs, and some both protocols.I want to control...
I configured the commands that I want the users to be able to execute. I checked the box that deny and unmatched commands.Commands allowed:config - permit termhelptraceroutepingshow location logout
Jonathan,The 4th reply, by gfullage, in this conversation tells how to do this. gfullage recommends:Ensure that you have at least one other user that has no command restrictions set, or better yet, do the following: > aaa authentication login console...
Here is the login session and debug. I have allowed "config" with "permit term" and "location".I don't want the user to access the interfaces or lines.Login:Unauthorized access is strictly prohibited! User Access VerificationUsername: usernamePasswo...
I've added aaa authorization config-commands to no avail. I assume it will authorize config-commands against the command authorization set.The only config-command that I have in the command authorization set is "location"
