Read only ASDM with Tacacs+
sucanushie
I'm trying to give access to some users on my ASAs via Tacacs+ on our ACS.
On the ACS I did the following:
-Added ASA to the ACS
-Created User
-Created Shell profile giving Priv 5
-Created a command set for all commands
-Created auth profile for said user with the shell profile and all commands, command set.
On the ASA I set up AAA authentication and authorization for HTTP then used the predefined user roles which sets Priv 5 as read only.
When I log in I can make changes on the config menu.
If I change the AAA to the local DB and create a user with Priv 5 it works as expected. I can get to the config menu but when I apply changes it says I don't have rights to do so.
When I do a curpriv from ASDM on both the local account and the tacacs account they show as priv level 5.
I'm not sure what I'm missing.
Comments
Hondabuff
Have you tried using this line yet?
aaa authorization exec default group tacacs+ local