[c-nsp] TACACS configuration problem (Lists)

Michael Robson Michael.Robson at manchester.ac.uk
Thu Apr 27 07:05:40 EDT 2006


> > I can configure the TACACS+ server on a Unix box so that I can 
> > restrict access to out Cisco switches and routers for various 
> > commands. However, once I allow access to config t, I 
> cannot work out 
> > how to allow only a subset of commands within this context (eg. to 
> > allow configuring of the 1st 10 ports of a 2950G). Can 
> anyone show me 
> > a bit a sample
> > TACACS+ server config (ideally for a Unix server) that
> > would allow this?
> >
> 
> I don't know if you can use this to restrict someone to some 
> ports (never had the need), but the nearest I know is the 
> document titled  "How to Assign Privilege Levels with TACACS+ 
> and RADIUS".
> 
This isn't flexible enough for what I need. However, I have worked
out what the problem is, the "aaa authorization config-command" was
missing...

Thanks,

Michael Robson.



More information about the cisco-nsp mailing list