[c-nsp] TACACS configuration problem (Lists)
Michael Robson
Michael.Robson at manchester.ac.uk
Thu Apr 27 07:05:40 EDT 2006
> > I can configure the TACACS+ server on a Unix box so that I can
> > restrict access to out Cisco switches and routers for various
> > commands. However, once I allow access to config t, I
> cannot work out
> > how to allow only a subset of commands within this context (eg. to
> > allow configuring of the 1st 10 ports of a 2950G). Can
> anyone show me
> > a bit a sample
> > TACACS+ server config (ideally for a Unix server) that
> > would allow this?
> >
>
> I don't know if you can use this to restrict someone to some
> ports (never had the need), but the nearest I know is the
> document titled "How to Assign Privilege Levels with TACACS+
> and RADIUS".
>
This isn't flexible enough for what I need. However, I have worked
out what the problem is, the "aaa authorization config-command" was
missing...
Thanks,
Michael Robson.
More information about the cisco-nsp
mailing list