Security

  • 1.  newbie TACACS Command Authorization

    Posted Feb 20, 2025 04:14 PM

    Hi All, 

    1. I want users to be able to do most show commands except show run.
    2. I want users to be able to write mem

    I have these settings. #2 works, but for #1, show run still executes. Any ideas? Thanks



  • 2.  RE: newbie TACACS Command Authorization

    Posted Feb 20, 2025 04:35 PM
    Edited by racowi Feb 20, 2025 04:36 PM

    Hey nice username (lol):
    3 things I would check are:
    1. Make sure your device has the aaa authorization commands enabled.
    2. Make sure the TACACS service is applying this profile correctly.
    3. You can combine both show commands in just one line, and make sure you correctly understand the Unmatch action. See picture, make sure to not mark the "Enable to permit unmatched commands" as in the picture below:




  • 3.  RE: newbie TACACS Command Authorization

    Posted Feb 20, 2025 05:47 PM

    You can refer to section 4 of the "Aruba ClearPass Wired Enforcement for CX switches – Part4" technote, which covers a TACACS example.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------