- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
CiscoSecure ACS Command Authorization [7:103031] posted 09/26/2005
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

I'm trying to configure command authorization on ACS and it is failing
miserably. No matter what I do, ACS rejects commands from the network
device. I initially created an authorization set called "read_only" so
someone could get into privileged mode but could only enter certain
commands, e.g. enable, show, disable, exit, etc. As soon as I enabled
command authorization on the network device I stopped being able to enter
any commands at all!

I've tried various mixes of permitting and denying just to see what happens.
At the moment, I have my command authorization set configured to permit
unmatched commands so it should be permitting everything, yet I still get
denied. The logs show that my device is in the proper group and I'm using
the proper authorization set, yet it also shows that the command was denied.

I'm about to pull my hair out. Any thoughts?


Message Posted at:
FAQ, list archives, and subscription info: