Thanks, Fawad, I remember looking into it but somehow I skipped the right name in the long list. Let me get it right. This command outputs all available and known to IOS attributes or only those returned by RADIUS ? If it's only RADIUS and I guess it by the only available prompt:
R6#sh aaa attribute protocol ? radius Show RADIUS equivalent attributes then I'd need to know the service type to prefix it to the RADIUS attribute string, correct ? It makes life a bit easier and requires remembering the right service name, e.g. shell, auth-proxy and so on From: Fawad Khan [mailto:[email protected]] Sent: Wednesday, June 13, 2012 5:34 PM To: Eugene Pefti Cc: CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] TACACS attributes missing in Cisco docs ? Try show aaa attribute On Wednesday, June 13, 2012, Eugene Pefti wrote: Guys, Am I missing something? It is a notorious question about role-based access and CLI views but my point is about finding the required details in Cisco docs. I need the right TACACS attributes for cli-view. Assuming that I forgot the it is "cli-view-name" I navigate to following sections hoping to find the right syntax: 1. Securing User Services Configuration Guide Library, Cisco IOS Release 12.4T 2. User Security Configuration Guide, Cisco IOS Release 12.4T Nothing for TACACS attributes... Then I decide to take a look at 3. TACACS+ Configuration Guide, Cisco IOS Release 12.4T And find nothing again. Is it just an oversight from Cisco ? Same for RADIUS. I go to the section called "RADIUS Attributes Configuration Guide, Cisco IOS Release 12.4T" and don't find anything for cli-view. Earlier last year Kamran posted a message here referring to Cisco docs. I'm quoting his message: As per CISCO DOC CD: "When RADIUS authorization is enabled it's necessary to supply parser view name using Cisco AV-Pair which is 009\001." This attribute should contain: RADIUS shell:cli-view-name= shell:priv-lvl=15 I'm stupidly accepting that I can't find anything in Cisco docs anymore. And I wish it is not only for cli-views. There are tons at RADIUS and TACACS attributes but there's no good systematic reference in Cisco docs. Just a collection of garbage. Eugene -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
