We use CPPM with Cisco switches. I'm trying to create a local user with TACACS that has the ability to do the "show run" command on the switch. For some reason I can't seem to get any "show" commands to work. Any other command I've specified works. I've even assigned the user a privilege level of 15 with no dice.
Did you try using privilege level 1?
I've tried 1, 2, 3, 6, 7, 8, 9, 14, and 15.
This is the only way I've been able to get it to work: give the user privilege level 15 and permit the "show" command. The only problem is that I don't want to permit every show command. Apparently I can't lock this down enough.
Isn't that what I'm doing in the commands tab of the Enforcement Profile? Setting which commands are allowed or denied?
This is what I do. I allow 'show run interface blah' but not 'sh run', etc.
I deny by default and then specify what I want to allow, but you can allow by default and list what you want to restrict.
Thanks. That's pretty much what I've come to the conclusion of doing. I used yours as a template to clean up how I had mine though. Thanks.
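The two approaches described in the reply above (deny by default with an allow list, or allow by default with a restrict list), modelled as an added example that is not from the thread and is not ClearPass code. The `Rule` format, the `authorize` function, the sample policies and the requests are all hypothetical and constructed; it assumes the switch sends the command as a `cmd` value plus a list of `cmd-arg` values ending in `<cr>`.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    permit: bool
    cmd: str    # TACACS+ "cmd" attribute, e.g. "show"
    args: str   # regex that must match ALL joined "cmd-arg" values

# Constructed policy: per-interface config is allowed, the full config is not.
ALLOW_RULES = [
    Rule(True, "show", r"running-config interface \S+"),
    Rule(True, "show", r"version"),
]
# Constructed inverse policy: allow by default, list what to restrict.
DENY_RULES = [
    Rule(False, "show", r"running-config"),
    Rule(False, "configure", r".*"),
]

def authorize(cmd, cmd_args, rules, default_permit):
    """First matching rule decides; otherwise fall back to the default."""
    # Assumption: the device ends the argument list with "<cr>"; drop it.
    joined = " ".join(a for a in cmd_args if a != "<cr>")
    for rule in rules:
        # fullmatch anchors both ends, so a rule for
        # "running-config interface X" can never match bare "running-config".
        if rule.cmd == cmd and re.fullmatch(rule.args, joined):
            return rule.permit
    return default_permit

if __name__ == "__main__":
    requests = [  # constructed authorization requests
        ("show", ["running-config", "interface", "GigabitEthernet1/0/1", "<cr>"]),
        ("show", ["running-config", "<cr>"]),
        ("show", ["version", "<cr>"]),
        ("configure", ["terminal", "<cr>"]),
    ]
    for cmd, args in requests:
        print(cmd, args, "deny-default:", authorize(cmd, args, ALLOW_RULES, False),
              "allow-default:", authorize(cmd, args, DENY_RULES, True))
```

Under the deny-by-default policy anything not listed is refused, so a forgotten rule fails closed; under the allow-by-default policy a forgotten rule fails open.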