I believe this is best you can do:
y...@a03.labxtx03.us.bb-re0# show|display set |match deny
set system login class tacacs-user deny-commands "clear pppoe
sessions($| no-confirm$)"
y...@a03.labxtx03.us.bb-re0> clear pppoe sessions ?
Possible completions:
Name of PPPoE logical
I don't believe what you're doing is tacacs command authorization, that is
junos is not asking the tacacs server if or not it can execute the command,
something IOS and SROS can do, but which makes things like loading config
very brutal (except SROS has way to skip authorization for config loads).
Le lun. 4 juil. 2022 à 16:18, Saku Ytti a écrit :
>
> I don't believe Junos has tacacs command authorization.
it has. This sorta works, I've been able to allow some commands like
'clear network-access aaa subscriber username.*' and 'monitor
traffic'. The issue I have is with 'clear pppoe
I don't believe Junos has tacacs command authorization.
You can add do allow/deny commands regexp in the user class to achieve the
same without introducing the RTT lag.
On Mon, 4 Jul 2022 at 15:52, Pierre Emeriaud via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:
> Hi
>
> i've been trying
Hi
i've been trying to authorize 'clear pppoe session pp0.*' for some of
our users. They already have some allowed commands such as 'monitor
traffic' and 'clear network-access aaa subscriber username' that
works, but 'clear pppoe' is refused.
foo@bar> clear ppp?
No valid completions
foo@bar>
5 matches
Mail list logo