
permitting specified commands only

sivakondalarao
Level 1

Hi,

We have TACACS enabled in our routers. I wanted to restrict user access to only particular commands. I am providing those commands below.

Router#term len 0

Router#sh clock

Router#sh ip int br

Router#sh env all

Router#sh int s0/0

Router#sh int s0/1

Router#ping 10.30.250.137

Router#conf t

Router(config)#int se0/0

Router(config-if)#no backup int br0/0

Router#exit

Router#isdn call int bri 0/0 22861600

Router#sh isdn a

Router#sh isdn status

Router(config)#int se0/0

Router(config-if)#backup int bri0/0

Router#sh int bri0/0

Router#sh run

Nothing more than these commands should be allowed for configuration. Can someone advise me on the required configuration for the router as well as Cisco ACS?

Regards

SKRAO

1 Reply

SKRAO,

Here's a CCO example of how to assign privilege levels for users with TACACS. As you can see, most of the configuration is done on the router, assigning the commands to a certain privilege level, and then configuring the ACS (TACACS) to assign the user to that privilege level for authorization.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml#t2

Let us know if you have any specific questions about the configuration.

HTH

Sundar
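
The privilege-level approach described in the reply, applied to the command list in the question. This is an added example, not part of the original posts or the linked Cisco note; level 7, the server address 192.0.2.10 and the key are assumptions/placeholders.

```cisco
! --- AAA: authenticate and authorize the EXEC session against TACACS+ ---
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Placeholder server address and key (assumed values)
tacacs-server host 192.0.2.10 key <shared-secret>
!
! --- EXEC-mode commands from the question, made available at level 7 ---
privilege exec level 7 terminal length
privilege exec level 7 show clock
privilege exec level 7 show ip interface brief
privilege exec level 7 show environment all
privilege exec level 7 show interfaces
privilege exec level 7 show isdn
privilege exec level 7 show running-config
privilege exec level 7 ping
privilege exec level 7 isdn call
privilege exec level 7 configure terminal
!
! --- Configuration-mode commands from the question ---
! Only "interface" is opened in global config, and only "backup interface"
! inside interface config; everything else stays at level 15.
privilege configure level 7 interface
privilege interface level 7 backup interface
!
! --- ACS side (group or user TACACS+ settings) ---
! Enable "Shell (exec)" and set "Privilege level" to 7 so the user
! lands at level 7 after login.
!
! Below level 15, "show running-config" displays only the parts of the
! configuration the user is able to modify at that level.
!
! Verify by logging in as a level-7 test user and confirming that each
! listed command works and an unlisted one (e.g. "reload") is rejected.
```

Privilege levels gate command keywords, not their arguments, so this does not limit `ping` to 10.30.250.137 or `interface` to se0/0. Restricting arguments requires per-command TACACS+ authorization (`aaa authorization commands 7 default group tacacs+`) with a matching command authorization set on the ACS.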