[c-nsp] Re: Cisco TACACS+ filter
Kanagaraj Krishna
kanagaraj at aims.com.my
Fri Feb 3 05:08:32 EST 2006
How do you deny "sh run" on the tacacs server without using privilege commands? I even tried the statement "deny run" under "cmd=show", but it doesn't seem to work. This is my config:
on Cisco
---------
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+ local
On Tacacs+ server
-------------------
group = testing {
    enable = cleartext "test"
    cmd = show {
        deny run
        permit ver
        permit ip
        permit interface
    }
}
Regards,
Kanagaraj Krishna