[c-nsp] Privilege levels and Secure ACS

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Jul 4 10:51:54 EDT 2005


Kim Onnel <> wrote on Monday, July 04, 2005 4:39 PM:

> Hi,
> 
> I want to differentiate NOC privileges from core engineers when
> working on the routers.
> 
> We are using Cisco secure ACS 3.1, i quickly looked at old
> documentations, but all i get is how to do it on the CLI, which if i
> understand correctly is troublesome, i want the noc users to be able
> to show running-config, clear, reload, ... and all the arguments for
> these commands, i used * and it worked for all commands except for
> "sh run", i found my self having to add alot of things.
> 
> privilege exec level 2 reload
[...]
> 
> And since i have ACS, i want to do it centralized on the ACS, is
> there any new features i should be aware of, new stuff in ACS 3.3 or
> new IOS features related.
> 
> Any guide on how to do it on ACS, tricks?

You want to use command authorization, please see
http://www.cisco.com/warp/public/480/8.shtml for IOS config and ACS-Unix
profiles..

	oli



More information about the cisco-nsp mailing list