I am trying to do Shell Command Authorization on my routers using TACACS. I have one user that I place under privilege level 14. I want a level 15 command (clear line) to be used by that user. Using the "privilege exec level 14 clear line" works, but I need to implement it on ACS to save me time from having to enter the command over and over again on many routers. But I noticed that once my user logged under privilege level 14 (TACACS Setting, Privilege Level = 14), the Command Authorization. I cannot bring the "clear line" command to that level. I tried using this on ASA and it works; it just seems the router won't allow bringing a level 15 command down to level 14 without manually configuring "privilege exec level 14 clear line".

ACS config:

Per Group Command Authorization
Unmatched Cisco IOS commands (deny)
[check] Command: clear
Arguments: (none)
Unlisted arguments: permit

Any help will be appreciated.

Sincerely,
Lorenz
