Use TACACS+ and command authorization. You will need to set up a generic command authorization set that allows all commands and one command authorization set that rejects any command except "show isdn active". You will also have to configure each net...

OK, first, in the Interface Configuration, make sure "Per-user TACACS+/RADIUS Attributes" is selected. Next in each of the user configurations that require special privilege configuration, go to "Advanced TACACS+ Settings" and under "TACACS+ Enable C...

You description implies that the SFS7000 is not encrypting the packets correctly. You should check with those folks to see if they know about this problem. This problem may be related to CSCse39550

To your first question: No.To your second question: Yes, use the "One-Time-Password Server" external database option. This is really nothing more than a RADIUS request from ACS.

Since you haven't accomplished any significant configuration at this point, I would recommend running the recovery CD and starting over. If you still encounter problems after completing a successful configuration, please contact the TAC.