Tacacs Group Settings

By sjoblom.mark ·
I am currently building up a tacacs server (4.0) and I have it set up right now where the ?domain controllers? group can access every switch and do anything, and ?administrators? group can access every switch and do just about everything other than change management IP?s or aaa commands. I am setting up a third group that has access to only their group of switches, not the whole network, and has the same rights as the administrators group. I was able to limit what switches they are able to get into using the network access restrictions, but I also need to give them rights to our core switch but only be allowed to do ?show *? commands. Because they fall under the administrator shell command set, they will be able to change the configs. How do I set the group up to where they have only show ability on my core switches but almost full rights on their own?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Share your knowledge

Related Discussions

Related Forums