[tac_plus] Re: Restricting Cisco 'interface' command
john heasley
heas at shrubbery.net
Tue Oct 20 16:09:31 UTC 2009
Tue, Oct 20, 2009 at 10:35:11AM -0400, dterry at dollartree.com:
>
> Hello,
>
> I am trying to restrict the usage of the 'interface' command within
> Cisco gear. I would like the users to have access to issue "interface Gi.*"
> or "interface Fa.*". I do not want them to have the ability to issue
> "interface Te.*". The configuration that I have in place now for this is:
>
> cmd = interface {
>     permit ".*Gi.*"
>     permit ".*Fa.*"
>     deny .*
> }
>
> Should this work? If not, where's my error?
Make sure authorization is configured on the device, else enable tacacs
authorization debugging to find out why it's not matching.
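
Added example, not part of the original thread and not tac_plus code: a small Python model for checking what the posted rule list would permit or deny before relying on it. It assumes first-match-wins evaluation with unanchored regex search and that the device sends the expanded interface name as the command arguments; the sample argument strings and the `ANCHORED_RULES` variant are constructed for illustration.

```python
import re

# Rules from the posted "cmd = interface" block, in order: (action, regex).
POSTED_RULES = [("permit", ".*Gi.*"), ("permit", ".*Fa.*"), ("deny", ".*")]

# Hypothetical tighter variant (assumption, not from the thread): anchor the
# pattern so the interface type must start the argument string.
ANCHORED_RULES = [("permit", "^(Gi|Fa)"), ("deny", ".*")]


def authorize(rules, args):
    """Return the action of the first rule whose regex matches args.

    Models first-match-wins evaluation with unanchored search semantics.
    Returning "deny" when nothing matches is a conservative choice made
    for this model, not a statement about the daemon's default.
    """
    for action, pattern in rules:
        if re.search(pattern, args):
            return action
    return "deny"


# Constructed argument strings, assuming the device sends the expanded
# interface name as the arguments of the "interface" command.
SAMPLE_ARGS = [
    "GigabitEthernet 0/1 <cr>",
    "FastEthernet 0/24 <cr>",
    "TenGigabitEthernet 1/1 <cr>",
    "Vlan 10 <cr>",
]


def evaluate(rules):
    """Map each sample argument string to the action the rules produce."""
    return {args: authorize(rules, args) for args in SAMPLE_ARGS}


if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("anchored", ANCHORED_RULES)):
        print(name)
        for args, action in evaluate(rules).items():
            print(f"  {action:6} interface {args}")
```

Comparing the model's output with the device's TACACS+ authorization debug shows whether the argument string actually sent matches the assumption made here.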