[c-nsp] Privilege levels and Secure ACS
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Jul 4 10:51:54 EDT 2005
Kim Onnel <> wrote on Monday, July 04, 2005 4:39 PM:
> Hi,
>
> I want to differentiate NOC privileges from core engineers when
> working on the routers.
>
> We are using Cisco secure ACS 3.1, i quickly looked at old
> documentations, but all i get is how to do it on the CLI, which if i
> understand correctly is troublesome, i want the noc users to be able
> to show running-config, clear, reload, ... and all the arguments for
> these commands, i used * and it worked for all commands except for
> "sh run", i found my self having to add alot of things.
>
> privilege exec level 2 reload
[...]
>
> And since i have ACS, i want to do it centralized on the ACS, is
> there any new features i should be aware of, new stuff in ACS 3.3 or
> new IOS features related.
>
> Any guide on how to do it on ACS, tricks?
You want to use command authorization, please see
http://www.cisco.com/warp/public/480/8.shtml for IOS config and ACS-Unix
profiles..
oli
More information about the cisco-nsp
mailing list