[c-nsp] Privilege levels and Secure ACS
Kim Onnel
karim.adel at gmail.com
Mon Jul 11 07:43:44 EDT 2005
Now, i need to enable some commands under the configuration terminal, so
that the NOC can shut/no shut interfaces, but not do anything else, is this
possible with ACS ?
On 7/4/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
>
> Yes, check out
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/c.htm#778and
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/u.htm#94659
> you'll get the idea..
> oli
>
> ------------------------------
> *From:* Kim Onnel [mailto:karim.adel at gmail.com]
> *Sent:* Monday, July 04, 2005 4:56 PM
> *To:* Oliver Boehmer (oboehmer)
> *Subject:* Re: [c-nsp] Privilege levels and Secure ACS
>
> we have the windows version, i guess the same could be done, i'll check,
> thanks
>
> On 7/4/05, Oliver Boehmer (oboehmer) < oboehmer at cisco.com> wrote:
> >
> > Kim Onnel <> wrote on Monday, July 04, 2005 4:39 PM:
> >
> > > Hi,
> > >
> > > I want to differentiate NOC privileges from core engineers when
> > > working on the routers.
> > >
> > > We are using Cisco secure ACS 3.1, i quickly looked at old
> > > documentations, but all i get is how to do it on the CLI, which if i
> > > understand correctly is troublesome, i want the noc users to be able
> > > to show running-config, clear, reload, ... and all the arguments for
> > > these commands, i used * and it worked for all commands except for
> > > "sh run", i found my self having to add alot of things.
> > >
> > > privilege exec level 2 reload
> > [...]
> > >
> > > And since i have ACS, i want to do it centralized on the ACS, is
> > > there any new features i should be aware of, new stuff in ACS 3.3 or
> > > new IOS features related.
> > >
> > > Any guide on how to do it on ACS, tricks?
> >
> > You want to use command authorization, please see
> > http://www.cisco.com/warp/public/480/8.shtml for IOS config and ACS-Unix
> > profiles..
> >
> > oli
> >
>
>
More information about the cisco-nsp
mailing list