SG300 tacacs authorization and accounting support

Similar Messages

• Cisco 300 support TACACS+ authorization and accounting

  Hi All,
  Can someone please confirm that does Cisco 300 switch supports tacacs authorization and accounting ? or just authentication ?
  Kindly guide

  Hello
  Please review this - Cisco 300
  res
  Paul

• ACS - ASA Authorization and Accounting

  Hi
  I have some questions regarding authorization and accounting on ASA via ACS server
  when I enable the command "aaa authorization       command " to control SSH users commands  I get locked out on       console then i have to configure the console , telnet , and enable to be       authenticated via tacacs too , is there any way to authorize SSH via       tacacs while keeping Console and telnet authenticated locally or even no       authentication ?
  i issued  accounting command "aaa accounting       command TAC" on ASA but i noticed that the ACS just logs commands in       configuration mod "privilege 15 " not any show command or       privilege 1 , is there any way to fix this ?
  does RADIUS support SHELL authorization ?
  thanks for your support

  1.] Unfortunately, there currently isn't any way to exclude command authorization from the  serial/ console or ssh users while having it apply to other access methods in case of ASA. Once you issue this command, it would be applicable for ALL methods like ssh,telnet,enable,http and console. This can be easily achieved in IOS (routers and switches) by creating a method list.
  2.] When you configure the aaa accounting command command, each command other than  show commands entered by an administrator is recorded and sent to the accounting server or servers. This is a default behaviour on ASA. IOS does send/record all show commands on ACS/Tacacs.
  http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/a1.html
  Regards,
  Jatin
  Do rate helpful posts-

• AAA authorization and accounting

  Hello everyone.
  I am given a project to implement AAA on routers and switches in our environment. Can some one please help me out in understanding the difference between,
  1) aaa authorization exec and aaa authorization command option.
  2) aaa accounting exec and aaa accounting command option.
  Many thanks.
  Sent from Cisco Technical Support Android App

  Hello,
  1) aaa authorization exec and aaa authorization command option.
  The first one authorizes if the user has the right privilege level to enter to one of the IOS priviliege levels (0,1,15) you can customize this.
  The second one authorizes the different commands a user can type and send to the device
  2) aaa accounting exec and aaa accounting command option.
  The first one again accounts when a users enters a specific user-level (Privileged level 15 or Exec user-level 1)
  Second one sends an accounting message per each command send to the box
  Check my blog at http:laguiadelnetworking.com for further information.
  Cheers,
  Julio Carvajal Segura

• Tacacs authorization and Priv levels

  Hi
  I'm strugling with TACACS+ and priv levels, and hoping someone out there can help me solve an issue.
  So, in this enviroment we need the following:
  Read-only users
  Users with access to some configuration commands.
  Okay, the TACACS configuration for the read-only users looks like this:
  group = readonly-users {
     default service = deny
     cmd = show            
        permit running-config
        permit interface
        permit privilege
        permit vlan
        deny .*
     service = exec
        priv-lvl = 15
  # Note that priv lvl 15 has been set to allow the users to run the "show running-config", all other commands than the one mentioned is denied.
  The TACACS configuration for the Users with configuration access looks like this.
  group = restricted-user {
     default service = deny
     cmd = show
        permit interface
        permit vlan
        permit privilege
        deny .*
     service = exec
        priv-lvl = 7
  And the following has been configured on the switches to allow further configurations, these commands we had to enable after I had made the previous read-only user in tacacs:
  privilege interface level 7 switchport access vlan
  privilege interface level 7 switchport mode access
  privilege interface level 7 switchport voice vlan
  privilege configure level 7 interface
  privilege exec level 7 configure terminal
  privilege exec level 7 show running-config
  privilege exec level 7 write memory
  It all worked just fine, the read-only users only had access to the commands configured in TACACS. But when I configured the users with configuration access and enter the privilege commands on the switch it stopped working.
  Somehow the privilege commands on the switch applies to all privilege levels above lvl 7. Meaning that my read-only users with priv lvl 15, all commands exept show commands denied, they can suddenly enter priviledged exec mode because I allowed the priv lvl 7 users to enter it.
  This does not make sense to me, because I've read on cisco's HP that when configuring privilege level commands on the equipment, you allow only that level to access the command, and not all above.
  I hope someone can help me with this issue, and it should be solved in the TACACS configuration, because the TACACS server is controlling over 500 switches and routers. So it aint just a question of reconfiguring the switches, that would take the rest of 2011.
  I hope you guys know the answer to this.
  Thanks in advance.
  Kind regards

  Thanks for your answer.
  Well when I started to configure this TACACS setup, I tried to create 2 profiles with privilege level 15 and just allow/deny the different commands. But the thing is that you cannot allow all commands in the TACACS configuration. For example, you cannot give a user privilege level 15 and deny all commands, but allow the user to configure VLANs on interfaces, and duplex settings which is what I want the users to be able to do.
  That's why I needed to configure the commands to be accessable from privilege level 7 on the equipment.
  If only I could create a profile with privilege level 15 and give the user access to the commands he needs, and only those from the TACACS configuration file, that would make it allot easier, but that just aint the way TACACS works, unfortunately.

• How can I authorize and access my itunes account on a new computer if I cant access my old computer to enable home sharing

  How can I authorize and access my itunes account on a new computer if I cant access my old computer to enable home sharing

  Authorization
  Macs:  iTunes Store- About authorization and deauthorization.
  Windows: How to Authorize or Deauthorize iTunes | PCWorld.
  In iTunes you use the Authorize This Computer or De-authorize This Computer option under the Store menu in iTunes' menubar. For Windows use the ALT-S keys to access it. Or turn on Windows 7 and 8 iTunes menus: iTunes- Turning on iTunes menus in Windows 8 and 7.
  To deauthorize a computer you don't have:
  De-authorizing Computers (contributed by user John Galt)
  You can de-authorize individual computers, but only by using those computers. The only other option is to "de-authorize all" from your iTunes account.
    1. Open iTunes on a computer
    2. From the Store menu, select "View my Account..."
    3. Sign in with your Apple ID and password.
    4. Under "Computer Authorizations" select "De-authorize All".
    5. Authorize each computer you still have, as you may require.
  You may only do this once per year.
  After you "de-authorize all" your authorized computers, re-authorize each one as required.
  If you have de-authorized all computers and need to do it again, but your year has not elapsed, then contact: Apple - Support - iTunes - Contact Us.
  For more information on authorization and de-authorization: iTunes Store- About authorization and deauthorization.

• Will my iTunes account support two iPads, and will the apps that I paid for on one iPad be free on the second iPad.

  Will my iTunes account support two iPads, and will the apps I buy for one iPad be free for the other iPad.

  Yes yes and yes.
  My girlfriend and I use the same AppleID for purchases, and any apps that she purchases I am able to then purchase without additional charges.
  EE

• TS1389 i have windows 8 and cant authorize my account to transfer my icloud/iphone purchases to this computer. authorize computer is not part of the store. what do i do next?

  I have windows 8 and can't authorize my account to transfer my icloud/iphone tunes to my computer. i dont seem to be able to do this from the store as it is not on the menu. my options when i click on my account are limited to stopping all devises and do not include adding a new device- i only have 4 associated with the apple id account. this is all so frustrating. HELP!

  Press the Alt and S keys and choose Authorize this Computer, or click here, follow the instructions, click on Store in the menu bar, and choose Authorize this Computer.
  (85244)

• HT1206 my other computers have fried or have been broken. so how am i supposed to deauthorize those computers if i cant even turn them on? and why is there a maximum to how many computers i can authorize my account to?

  why cant i authorize my account to this computer? i cant turn on my other computers with this account authorized because they were fried and broken so how am i supposed to deauthorize those computers?

  "why cant i authorize my account to this computer?"
  No idea, as you have not explained your problem.  What happens when you try to authorize it?
  " i cant turn on my other computers with this account authorized because they were fried and broken so how am i supposed to deauthorize those computers?"
  You cannot until you reach the limit of 5, then you can deauthorize all.
  iTunes Store: About authorization and deauthorization

• My computer(A toshiba) crashed and when I bought a new computer(a Mac), my previous apple ID does not word and I was only able to get songs that I bought in 2004. I am unable to authorize my account to get to songs that I purchased recently. Please help.

  My computer(A toshiba) crashed and when I bought a new computer(a Mac), my previous apple ID does not word and I was only able to get songs that I bought in 2004. I am unable to authorize my account to get to songs that I purchased recently. Please help.

  Steve Taylor1 wrote:
  If you have exceeded your allowance of 5 machines then Apple will not allow you to authorise additional Computers. If you still have access to your old toshiba fire it up de-authorise it and then try again with the new computer.
  While this won't help if you are having password problems, I did want to point out that you do not need to access old machines to de-authorize them. Once you are signed in at the iTunes store, access "my account" by clicking on your username in the top navigation bar. Then "manage devices".  You can remove any old machines that way.

• I'm trying to play a song and itunes is repeatly asking me to authorize the account.  I have authorized the account and it will not play one particular song.  What should I do?

  I'm trying to play a song and itunes is repeatly asking me to authorize the account.  I have authorized the account and it will not play one particular song.  What should I do?

  If just one song on an album is doing that, that suggests the track is damaged.
  If your country's iTunes Store allows you to redownload purchased tracks, I'd delete your current copy of the track and try redownloading a fresh one. See the following document for instructions:
  Downloading past purchases from the App Store, iBookstore, and iTunes Store
  Otherwise, I'd report the problem to the iTunes Store.
  Log in to the Store. Click on "Account" in your Quick Links. When you're in your Account information screen, go down to Purchase History and click "See all".
  Find the item that is not playing properly. If you can't see "Report a Problem" next to the item, click the "Report a problem" button. Now click the "Report a Problem" link next to the item.

• Microsoft support. Please help file a complaint about abuse of microsoft account support and peoples personal data.

  I was receiving technical support from the support phone number from a person in India.
  He began to ask me personal questions not related to the software and while he was asking these questions while working for Microsoft he was on another computer and website taking a paid survey for giving my personal information.
  I hung up the phone even though he attempted to call back.
  Who do I file a complaint with over the abuse and misuse of my personal information and account?

  Unfortunately your post is off topic here, in the MSDN Subscriptions feedback forum, because it is not feedback regarding the MSDN Subscription. This is a standard response I’ve written up in advance to help many people (thousands, really.) who
  happen to post their question in my forum, but please don’t ignore it.  The links provided below I’ve collected to help with many issues we’ve seen.
  For technical issues with Microsoft products that you would run into as an end user of those products, one great source of info and help is
  http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products.   Office related forums are also here:
  http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
  For Technical issues with Microsoft products that you might have as an IT professional (like more technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at
  http://social.technet.microsoft.com/forums/en-us, and search for your product name.
  For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the MSDN discussion forums at
  http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
  If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
  http://community.dynamics.com/
  If you really think your issue is related to the MSDN Subscription, and I screwed up, I apologize!  Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots of the issue
  (do not include subscription information or product keys in your screenshots!), and/or links to the problem you’re seeing. 
  If you really have no idea where to post this question, then you shouldn’t have posted here, because we have a forum just for you!  It’s called the ‘Where is the forum for…?’ forum and its here:
  http://social.msdn.microsoft.com/forums/en-us/whatforum/
  Please review the topic of the forum you’re posting in before posting your question.  Moving your post to the off topic forum.
  Thanks, Mike
  MSDN and TechNet Subscriptions Support

• I live in Canada and am visiting Hungary.  I would like to purchase iTunes but when I try to pay, my account information is not accepted and iTunes support is of no help.  Is there something I should be doing to complete a transaction?

  I live in Canada and am visiting Hungary.  I would like to purchase iTunes but when I try to pay, my account information is not accepted and iTunes support is of no help.  Is there something I should be doing to complete a transaction?

  Change App Store
  1. Tap "Settings"
  2. Tap "iTunes & App Stores"
  3.Tap "View Apple ID"
  4. Enter your user name and password.
  5. Tap "Country/Region."
  6. Tap "Change Country/Region"
  7. Select the region where you are located.
  8. Tap "Done".

• I was using my bros account for icloud, he changed & forgot the pass now i want to sign out & put mine but i'm not able to do that and he couldnt recover bcz he did it long time ago and apple support are not sending a recovery email to his email?

  i was using my bros account for icloud, he changed & forgot the pass now i want to sign out & put mine but i'm not able to do that and he couldnt recover bcz he did it long time ago and apple support are not sending a recovery email to his email... what shall i do now to sign out?

  Tell him to contact the Apple account security team for his country and ask for assistance changing the password: http://support.apple.com/kb/HT5699.  If his country isn't listed, he can try contacting iTunes store support by filling out this form: https://www.apple.com/emea/support/itunes/contact.html.

• TS1717 My ITunes account has failed to open and reccomends a "reinstall" The Apple support site gives instructions to "Create a New Account".  Will I loose my music and account $ balance?

  My ITunes account has failed to open and reccomends a "re-install".  The apple support site instructs "create a new account".  Any knows what will become of my music collection and account $ balance?

  Under normal circumstances, an uninstall/reinstall doesn't touch your content. (That being said, it's still always a good idea to maintain a current backup at all times in case of disasters of any sort.)
  I've never lost an account balance after an uninstall/reinstall.