<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Hi Tomas,</DIV>
<DIV> </DIV>
<DIV>I did not use Cisco ACS. However, I guess the same approach would apply.</DIV>
<DIV>I created a group in my tacacs+ with the below specified LI_admin option, then created li users within this group. My working config is as follows:</DIV>
<DIV> </DIV>
<DIV>group = LI_Admin {<BR> default service = permit<BR> service = exec {<BR> default attribute = permit<BR> priv-lvl = 15<BR> optional command-access = LI-admin<BR> }<BR>}</DIV>
<DIV>user = li-admin {<BR> member = LI_Admin<BR> login = myLogin</DIV>
<DIV>}</DIV>
<DIV><BR>I hope it helps.</DIV>
<DIV> </DIV>
<DIV>Regards.</DIV>
<DIV>Fatih</DIV>
<DIV><BR>--- On <B>Thu, 2/3/11, Tomas Lynch <I><tomas.lynch@gmail.com></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Tomas Lynch <tomas.lynch@gmail.com><BR>Subject: Re: [rbak-nsp] li-admin from Cisco ACS<BR>To: "fatih ayvaz" <fayvaz77@yahoo.com><BR>Cc: redback-nsp@puck.nether.net<BR>Date: Thursday, February 3, 2011, 9:13 PM<BR><BR>
<DIV id=yiv1695164189>Faith,<BR><BR>Thanks for your answer, I knew that that was the command line, my question is where in the Cisco ACS must be configured. Do you know where? The only similar config that I have found is <A href="http://bit.ly/dHdxuC" rel=nofollow target=_blank>http://bit.ly/dHdxuC</A><BR><BR>Shall I put that line in step 3 like the allow-commands example?<BR><BR>Thanks,<BR><BR>Tomas<BR><BR>
<DIV class=yiv1695164189gmail_quote>On Thu, Feb 3, 2011 at 12:26 PM, fatih ayvaz <SPAN dir=ltr><<A href="http://us.mc1120.mail.yahoo.com/mc/compose?to=fayvaz77@yahoo.com" rel=nofollow target=_blank ymailto="mailto:fayvaz77@yahoo.com">fayvaz77@yahoo.com</A>></SPAN> wrote:<BR>
<BLOCKQUOTE style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex" class=yiv1695164189gmail_quote>
<TABLE border=0 cellSpacing=0 cellPadding=0>
<TBODY>
<TR>
<TD vAlign=top>
<DIV>Hi Tomas,</DIV>
<DIV> </DIV>
<DIV>you need to have:</DIV>
<DIV>optional command-access = LI-admin</DIV>
<DIV> </DIV>
<DIV>in tacacs config, to return your tacacs authenticated user with LI-admin privileges.</DIV>
<DIV>In addition, you need to have li license installed on the BRAS.</DIV>
<DIV> </DIV>
<DIV>Regards.</DIV>
<DIV>Fatih<BR><BR>--- On <B>Thu, 2/3/11, Tomas Lynch <I><<A href="http://us.mc1120.mail.yahoo.com/mc/compose?to=tomas.lynch@gmail.com" rel=nofollow target=_blank ymailto="mailto:tomas.lynch@gmail.com">tomas.lynch@gmail.com</A>></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Tomas Lynch <<A href="http://us.mc1120.mail.yahoo.com/mc/compose?to=tomas.lynch@gmail.com" rel=nofollow target=_blank ymailto="mailto:tomas.lynch@gmail.com">tomas.lynch@gmail.com</A>><BR>Subject: [rbak-nsp] li-admin from Cisco ACS<BR>To: <A href="http://us.mc1120.mail.yahoo.com/mc/compose?to=redback-nsp@puck.nether.net" rel=nofollow target=_blank ymailto="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</A><BR>Date: Thursday, February 3, 2011, 3:51 PM
<DIV class=yiv1695164189im><BR><BR>
<DIV>We need to send the li-admin permission to a SE1200 from a Cisco ACS (TACACS+ for windows) but cannot find any info or example. Anybody on this list?<BR></DIV><BR></DIV>-----Inline Attachment Follows-----<BR><BR>
<DIV>_______________________________________________<BR>redback-nsp mailing list<BR><A href="http://us.mc1120.mail.yahoo.com/mc/compose?to=redback-nsp@puck.nether.net" rel=nofollow target=_blank>redback-nsp@puck.nether.net</A><BR><A href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel=nofollow target=_blank>https://puck.nether.net/mailman/listinfo/redback-nsp</A><BR></DIV></BLOCKQUOTE></TD></TR></TBODY></TABLE><BR></BLOCKQUOTE></DIV><BR></DIV></BLOCKQUOTE></td></tr></table><br>