[c-nsp] tacacs+ restrictions
Arne Larsen / Region Nordjylland
arla at rn.dk
Sat Dec 12 09:15:19 EST 2009
Hi all.
I know it's a bit off topic, but anyway.
I'm trying to get tacacs+ to restrict access and commands for users.
I can't seem to get it right. Whatever I do, I either get no configuration commands rejected or all get rejected.
I would like to make a user that can only change the VLAN tag under interface configuration. This is what I tried to configure:
user = at {
    default service = deny
    login = cleartext "gt"
    enable = cleartext "go"
    name = "testing"
    service = exec {
        priv-lvl = 1
        idletime = 10
    }
    cmd = show {
        permit .*
    }
    cmd = configure {
        permit terminal.interface
        permit interface.vlan*
        deny .*
    }
}
Has any of you tried to do something similar? Any input would be appreciated very much.
Or does someone know where I can seek help?
/Arne
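
An added example, not part of the original post and not tac_plus code: a small Python model of per-command authorization that runs the posted rules against a constructed session. It assumes the device sends every line, including configuration-mode lines, as its own request with the first word as cmd and the rest as args, that rules are tried in order with the first match winning, and that a cmd block with no matching rule denies; PER_COMMAND_RULES is a hypothetical rule set for this model only, not a tested configuration.

```python
import re

# Rules transcribed from the posted user block: (action, regex) per cmd.
POSTED_RULES = {
    "show": [("permit", ".*")],
    "configure": [("permit", "terminal.interface"),
                  ("permit", "interface.vlan*"),
                  ("deny", ".*")],
}
# Hypothetical alternative for this model: one block per command word.
PER_COMMAND_RULES = {
    "show": [("permit", ".*")],
    "configure": [("permit", "^terminal$")],
    "interface": [("permit", ".*")],
    "switchport": [("permit", "^access vlan [0-9]+$")],
}
DEFAULT = "deny"  # "default service = deny" in the posted block

# Constructed session: the lines a user would type to change an access VLAN.
SESSION = [
    "show running-config",
    "configure terminal",
    "interface GigabitEthernet0/1",
    "switchport access vlan 20",
]


def authorize(line, rules=POSTED_RULES, default=DEFAULT):
    """Model one authorization request; returns (verdict, reason)."""
    cmd, _, args = line.strip().partition(" ")
    if cmd not in rules:
        return default, "no cmd block for '%s', default applies" % cmd
    for action, pattern in rules[cmd]:
        if re.search(pattern, args):  # unanchored match against the args only
            return action, "matched '%s %s'" % (action, pattern)
    return "deny", "no rule matched (model assumption: deny)"


def run_session(lines, **kw):
    """Authorize each line independently, as separate requests."""
    return [(line, authorize(line, **kw)[0]) for line in lines]


if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("per-command", PER_COMMAND_RULES)):
        print("--", name)
        for line in SESSION:
            verdict, why = authorize(line, rules=rules)
            print("%-6s %-32s %s" % (verdict, line, why))
```

In the model, the posted rules deny "configure terminal" because the args are only "terminal", and deny the interface and switchport lines because those arrive under their own command words rather than under "configure".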