[tac_plus] Deny Config Commands.
heasley
heas at shrubbery.net
Tue Jan 5 18:11:03 UTC 2016
Tue, Jan 05, 2016 at 06:35:34PM +1100, Mailing Lists:
> Hi All,
>
> Is it possible to deny users from entering certain configuration commands
> in TACACS?
>
> So for example I want my users to be able to do enable and run whatever
> commands they like, but once they type 'conf t' commands are restricted. If
> it matters, I am specifically interested in denying 'no router' commands on
> IOS-XE and Brocade NetIron (CER/S/MLX) devices.
on ios this is done with aaa command authorization. no idea if brocade
supports this or it can be done there.
More information about the tac_plus
mailing list