Question : Problem: AAA authorization configuration

I'm configuring a Cisco Access Server for the routers in my network, but I'm confused about what AAA configuration I should use in the router when I'm configuring a helpdesk for minimal router access. For example, I want the helpdesk to use just sh run and nothing else. But when I set the max privileges in the Cisco Secure application server to anything below 15, it tells me that the TACACS+ enable privileges are too low. Am I missing something? Can someone give me a sample AAA configuration example for the routers to solve this problem? I believe I need aaa authorization. Any help would be appreciated.

Answer : Problem: AAA authorization configuration

Yes, aaa authorization is required, but the command restrictions lie in the ACS server. What version do you have? Have you created a group of commands that are authorized, then applied that command list to the user group?

Alternatively, you can use user privilege levels on the router itself:

 username helpdesk privilege 3 password <password>

Then define the commands that priv level 3 can do:

 privilege exec level 3 show running-config

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml
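
A sample router-side configuration for the server-based approach the answer describes, added here as an example and not part of the original answer. The server address 192.0.2.10 (documentation range), the key and password placeholders, the local admin account and the choice of method lists are assumptions; the list of permitted commands is defined on the ACS server.

```cisco
! Added example. Assumptions: TACACS+ server at 192.0.2.10, placeholder key,
! local accounts used as fallback when the server does not respond.
aaa new-model
!
tacacs-server host 192.0.2.10 key <shared-key>
!
! Local fallback account so the router stays manageable if ACS is down.
username admin privilege 15 secret <local-admin-password>
!
! Authenticate logins against TACACS+, then the local user database.
aaa authentication login default group tacacs+ local
!
! Let the server assign the privilege level of the exec session.
aaa authorization exec default group tacacs+ local
!
! Send every command typed at levels 1 and 15 to the server for a
! permit/deny decision. The helpdesk group's permitted command list
! (for example only "show running-config") lives on the ACS server.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Record which commands each user actually ran.
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

With the local privilege-level alternative, IOS shows a user below level 15 only the parts of the running configuration that the level is allowed to change, so a level 3 `show running-config` can come back nearly empty. Test the command authorization lines from a second session before saving, since a server that denies everything also locks out administrators.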
