What I currently have doesn't work. You can see in the picture I tried to deny access to interface gigabitethernet 1/0/21 through 25. I've tried ? and * and 1/0/[21-25]. I'm hoping to not have to enter every interface to allow or disallow access to, including VLAN interfaces.
Pic to show where I'm at.
Have you tried:
This would be a standard pattern match.
Just tried it and it doesn't work. Adding just gigabitethernet 1/0/21 works. As soon as wildcards are in place it fails.
Agreed. I've had a TAC case open since yesterday and had my SE onsite and still haven't had this one question answered.
OK, with a little help from some Aruba friends I was able to get this working.
Cisco switch side must have:
aaa authorization config-commands
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
Keep in mind, depending on the command you want to restrict, you may need all commands 1 - 15 in your Cisco config.
In your enforcement profile
selected service = shell
privilege level = 15
In your commands tab
service type = shell
check enable to permit unmatched commands.
command = show
argument = version
Leave the rest default, click save and test.
*edit* Forgot to mention the wildcards.
The wildcard is .* (period star)
so GigabitEthernet 1/0/.* covers all ports on switch 1.
While trying to set up a restricted command set for our NOC on a Cisco 3850 I found that I couldn't match on GigabitEthernet 1/1/1. After some debugging and a packet capture with the help of TAC it was discovered that CPPM wanted to see GigabitEthernet 1 1 1. No slashes. Hope this helps someone. In the pic I have the wildcard set up for Gi1/1/1-4
Cisco 3850 ios3.6.7
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default local group radius
aaa authorization auth-proxy default group radius
Directions from brodiman
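
Added example (not from any poster, Aruba or Cisco): a Python check of candidate argument patterns for ports 21-25 against the two argument forms reported in this thread, slashes as typed and spaces as the packet capture showed. It assumes the argument match behaves like a full-string Python regular expression, which may differ from ClearPass's own matcher; the port lists and pattern names are constructed.

```python
import re

# Constructed sample arguments in both forms seen in the thread:
# with slashes as typed, and space-separated as the capture showed.
def both_forms(ports):
    out = []
    for p in ports:
        out.append(f"GigabitEthernet 1/0/{p}")
        out.append(f"GigabitEthernet 1 0 {p}")
    return out

RESTRICTED = both_forms(range(21, 26))         # ports the rule should match
UNRESTRICTED = both_forms([1, 2, 20, 26, 48])  # ports it must not match

def evaluate(pattern):
    """Return (missed, overmatched) argument lists for a candidate pattern.

    Assumption: the whole argument has to match (re.fullmatch); the real
    matcher's anchoring may differ, so confirm on a test switch.
    """
    rx = re.compile(pattern)
    missed = [a for a in RESTRICTED if not rx.fullmatch(a)]
    over = [a for a in UNRESTRICTED if rx.fullmatch(a)]
    return missed, over

CANDIDATES = {
    # '*' here repeats the preceding '/', it is not a glob wildcard.
    "glob star": r"GigabitEthernet 1/0/*",
    # '[21-25]' is a character class: one character out of 1, 2 or 5.
    "range in class": r"GigabitEthernet 1/0/[21-25]",
    # Correct digits, but only the slash form of the argument.
    "slashes only": r"GigabitEthernet 1/0/2[1-5]",
    # Accepts either separator, and only ports 21-25.
    "either separator": r"GigabitEthernet 1[ /]0[ /]2[1-5]",
}

if __name__ == "__main__":
    for name, pat in CANDIDATES.items():
        missed, over = evaluate(pat)
        print(f"{name:17} missed={len(missed):2} overmatched={len(over)}  {pat}")
```
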