[c-nsp] A question about TACACS+ and controlling command use

[Ivan Pepelnjak]

> The obvious answer is to restrict the use of the shutdown command.
> Unfortunately the technicians that often make the mistakes 
> have to be able to use the command to shut down Serial or 
> Ethernet interfaces in the course of their work.

Something along the lines of this EEM Tcl policies:

http://wiki.nil.com/Display_configuration_sections_while_configuring_the_rou
ter

Write one Tcl policy that recognizes the interface name and saves it with
appl_setinfo. The other Tcl policy should recognize the "shutdown" command,
retrieve the saved interface name and check it.

Not too elegant, but working.

Ivan
 
http://www.ioshints.info/about
http://blog.ioshints.info/