[tac_plus] Deny Config Commands.
Daniel Schmidt
daniel.schmidt at wyo.gov
Tue Jan 5 20:15:07 UTC 2016
Yes, it can be done on those platforms with authorization.
On Tue, Jan 5, 2016 at 11:11 AM, heasley <heas at shrubbery.net> wrote:
> Tue, Jan 05, 2016 at 06:35:34PM +1100, Mailing Lists:
> > Hi All,
> >
> > Is it possible to deny users from entering certain configuration commands
> > in TACACS?
> >
> > So for example I want my users to be able to do enable and run whatever
> > commands they like, but once they type 'conf t' commands are restricted.
> If
> > it matters, I am specifically interested in denying 'no router' commands
> on
> > IOS-XE and Brocade NetIron (CER/S/MLX) devices.
>
> on ios this is done with aaa command authorization. no idea if brocade
> supports this or it can be done there.
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
>
--
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20160105/9db6bd5e/attachment.html>
More information about the tac_plus
mailing list