Occasional Contributor I

How-To for Cisco Command Authorization?

I was able to read through the CPPM User Deployment guide and find how to build a basic Authentication Service that looks for membership in my device group for Routers and Switches, using the TACACS+ Protocol, and then uses AD Pass through to look for AD Group Membership to allow access to my Cisco gear. Now I am looking to add in Tacacs Enforcment (I believe) to support command authorization. I have seen a number of posts here that list troubles they have, but not how they even got that far? Is there a "How-To" for building up the bits needed in to get started? Say I wanted the user to come in with Priv=15, yet only be able to run commands " show .* "?


I figure just one example would set me loose on the rest of the variations I need.




Re: How-To for Cisco Command Authorization?

In your TACACS Enforcement Profile, I believe you use the Commands tab. If the Unmatched Commands box is checked, all unmatched commands are permitted.



Bruce Osborne - Wireless Engineer

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Contributor I

Re: How-To for Cisco Command Authorization?

Here is a profile that  I set up for or NOC, hope it command profile.PNG

Search Airheads
Showing results for 
Search instead for 
Did you mean: