How-To for Cisco Command Authorization?

  • 1.  How-To for Cisco Command Authorization?

    Posted Apr 09, 2018 03:43 PM

    I was able to read through the CPPM User Deployment guide and find how to build a basic Authentication Service that looks for membership in my device group for Routers and Switches, using the TACACS+ Protocol, and then uses AD Pass through to look for AD Group Membership to allow access to my Cisco gear. Now I am looking to add in Tacacs Enforcement (I believe) to support command authorization. I have seen a number of posts here that list troubles they have, but not how they even got that far? Is there a "How-To" for building up the bits needed to get started? Say I wanted the user to come in with Priv=15, yet only be able to run commands " show .* "?

     

    I figure just one example would set me loose on the rest of the variations I need.

     

    Nick



  • 2.  RE: How-To for Cisco Command Authorization?

    MVP
    Posted Apr 09, 2018 03:46 PM

    In your TACACS Enforcement Profile, I believe you use the Commands tab. If the Unmatched Commands box is checked, all unmatched commands are permitted.




  • 3.  RE: How-To for Cisco Command Authorization?

    Posted Apr 11, 2018 09:40 AM

    Here is a profile that I set up for our NOC, hope it helps.

    [Attachment: cisco command profile.PNG]
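
The scenario asked about in this thread (Priv=15, only `show .*` allowed) and the effect of the Unmatched Commands checkbox can be modelled as below. This is an added example, not part of any post and not ClearPass code: the class names, the rule layout and the full-match regex semantics are assumptions made for illustration, and the requests are constructed.

```python
import re
from dataclasses import dataclass, field

@dataclass
class CommandRule:
    command: str        # compared with the TACACS+ "cmd" attribute
    args_pattern: str   # regex compared with the joined "cmd-arg" values
    permit: bool = True

@dataclass
class EnforcementProfile:
    """Hypothetical stand-in for a TACACS enforcement profile's Commands tab."""
    privilege_level: int
    rules: list = field(default_factory=list)
    permit_unmatched: bool = False   # models the "Unmatched Commands" checkbox

    def authorize(self, cmd, cmd_args):
        """Return 'permit' or 'deny' for one command authorization request."""
        arg_string = " ".join(cmd_args)
        for rule in self.rules:
            if rule.command == cmd and re.fullmatch(rule.args_pattern, arg_string):
                return "permit" if rule.permit else "deny"
        # No rule matched: the checkbox decides the outcome.
        return "permit" if self.permit_unmatched else "deny"

# Constructed requests, each as (cmd, [cmd-arg, ...]).
REQUESTS = [
    ("show", ["running-config"]),
    ("show", ["ip", "interface", "brief"]),
    ("configure", ["terminal"]),
    ("reload", []),
]

def evaluate(profile):
    """Map each constructed command line to the profile's verdict."""
    return {" ".join([c, *a]): profile.authorize(c, a) for c, a in REQUESTS}

# Same single rule in both profiles; only the checkbox differs.
SHOW_ONLY = EnforcementProfile(15, [CommandRule("show", ".*")])
SHOW_ONLY_BOX_CHECKED = EnforcementProfile(
    15, [CommandRule("show", ".*")], permit_unmatched=True)

if __name__ == "__main__":
    for name, prof in [("unchecked", SHOW_ONLY), ("checked", SHOW_ONLY_BOX_CHECKED)]:
        print(f"Unmatched Commands {name}:")
        for line, verdict in evaluate(prof).items():
            print(f"  {verdict:6}  {line}")
```

With the box checked, the `show .*` rule restricts nothing for a privilege 15 user, because every other command falls through to permit. On the Cisco side, the device only asks the server about each command when command authorization is enabled for that level (`aaa authorization commands 15 default group tacacs+`).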