[tac_plus] Deny Config Commands.

[Mailing Lists]

Thanx for the response guys. Maybe I'm stupid, but I can't see how I can
deny a specific command while still allowing users to configure things, is
anyone able to give me some pointers on how I would deny 'no router bgp'
for exapmle.

Cheers,
Damien.

On Wed, Jan 6, 2016 at 7:15 AM, Daniel Schmidt <daniel.schmidt at wyo.gov>
wrote:

> Yes, it can be done on those platforms with authorization.
>
> On Tue, Jan 5, 2016 at 11:11 AM, heasley <heas at shrubbery.net> wrote:
>
> > Tue, Jan 05, 2016 at 06:35:34PM +1100, Mailing Lists:
> > > Hi All,
> > >
> > > Is it possible to deny users from entering certain configuration
> commands
> > > in TACACS?
> > >
> > > So for example I want my users to be able to do enable and run whatever
> > > commands they like, but once they type 'conf t' commands are
> restricted.
> > If
> > > it matters, I am specifically interested in denying 'no router'
> commands
> > on
> > > IOS-XE and Brocade NetIron (CER/S/MLX) devices.
> >
> > on ios this is done with aaa command authorization.  no idea if brocade
> > supports this or it can be done there.
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
> >
>
> --
>
> E-Mail to and from me, in connection with the transaction
> of public business, is subject to the Wyoming Public Records
> Act and may be disclosed to third parties.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20160105/9db6bd5e/attachment.html
> >
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20160106/350d48e5/attachment.html>