[c-nsp] Privilege levels and Secure ACS

Scott Altman staltman at gmail.com
Tue Jul 12 10:40:30 EDT 2005


Yep, you can permit 'configuration terminal', 'interface [any]', 'no
shutdown' and 'shutdown'.  Syntax isn't exact, but that is all
configurable per User Group within ACS.  This assumes your devices are
configured to use 'aaa authorization commands 15 ...', etc.

On 7/11/05, Kim Onnel <karim.adel at gmail.com> wrote:
> Now, I need to enable some commands under the configuration terminal, so
> that the NOC can shut/no shut interfaces, but not do anything else. Is this
> possible with ACS?
> 
> On 7/4/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> >
> > Yes, check out
> > http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/c.htm#778 and
> > http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/u.htm#94659
> >  you'll get the idea..
> >   oli
> >
> >  ------------------------------
> > *From:* Kim Onnel [mailto:karim.adel at gmail.com]
> > *Sent:* Monday, July 04, 2005 4:56 PM
> > *To:* Oliver Boehmer (oboehmer)
> > *Subject:* Re: [c-nsp] Privilege levels and Secure ACS
> >
> > We have the Windows version; I guess the same could be done. I'll check,
> > thanks
> >
> > On 7/4/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> > >
> > > Kim Onnel <> wrote on Monday, July 04, 2005 4:39 PM:
> > >
> > > > Hi,
> > > >
> > > > I want to differentiate NOC privileges from core engineers when
> > > > working on the routers.
> > > >
> > > > We are using Cisco Secure ACS 3.1. I quickly looked at old
> > > > documentation, but all I get is how to do it on the CLI, which if I
> > > > understand correctly is troublesome. I want the NOC users to be able
> > > > to show running-config, clear, reload, ... and all the arguments for
> > > > these commands. I used * and it worked for all commands except for
> > > > "sh run"; I found myself having to add a lot of things.
> > > >
> > > > privilege exec level 2 reload
> > > [...]
> > > >
> > > > And since I have ACS, I want to do it centralized on the ACS. Are
> > > > there any new features I should be aware of, new stuff in ACS 3.3 or
> > > > new IOS features related?
> > > >
> > > > Any guide on how to do it on ACS, tricks?
> > >
> > > You want to use command authorization, please see
> > > http://www.cisco.com/warp/public/480/8.shtml for IOS config and ACS-Unix
> > > profiles..
> > >
> > > oli
> > >
> >
> >

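Added illustration, not part of the original thread and not ACS code: a simplified Python model of a per-group command authorization set like the one described in the reply at the top, run over a constructed NOC session. The policy layout, the first-match and deny-unmatched evaluation, and the names `NOC_POLICY`, `LOOSE_POLICY`, `authorize`, `audit` and `widened` are assumptions made for the example.

```python
import re

# Constructed policy for a hypothetical NOC group (not exported from ACS).
# Each command maps to ordered (action, argument-regex) rules; the first
# rule whose regex matches the whole argument string wins, and commands
# or arguments that match nothing are denied.
NOC_POLICY = {
    "configure": [("permit", r"terminal")],
    "interface": [("permit", r".+")],        # 'interface [any]'
    "shutdown":  [("permit", r"")],          # no arguments allowed
    "no":        [("permit", r"shutdown")],  # only 'no shutdown'
}

# Same policy with a looser rule for 'no', kept for comparison.
LOOSE_POLICY = dict(NOC_POLICY, no=[("permit", r".*")])

# Constructed session: one command line per authorization request.
SESSION = [
    "configure terminal",
    "interface GigabitEthernet0/1",
    "shutdown",
    "no shutdown",
    "ip address 192.0.2.1 255.255.255.0",
    "no ip address",
    "router bgp 65000",
    "configure network",
]

def authorize(policy, line):
    """Return 'permit' or 'deny' for one command line."""
    cmd, _, args = line.strip().partition(" ")
    for action, pattern in policy.get(cmd, []):
        if re.fullmatch(pattern, args.strip()):
            return action
    return "deny"

def audit(policy, session):
    """Decision for every line of a session, in order."""
    return [(line, authorize(policy, line)) for line in session]

def widened(strict, loose, session):
    """Lines the loose policy permits that the strict one denies."""
    return [l for l in session
            if authorize(loose, l) == "permit" and authorize(strict, l) == "deny"]

if __name__ == "__main__":
    for line, decision in audit(NOC_POLICY, SESSION):
        print(f"{decision:6}  {line}")
    print("extra under loose 'no' rule:", widened(NOC_POLICY, LOOSE_POLICY, SESSION))
```

In this model 'no shutdown' is matched as the command 'no' with the argument 'shutdown', so a rule permitting 'no' with any argument also lets through negations such as 'no ip address'.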

