02-19-2007 12:48 AM - edited 03-10-2019 02:59 PM
Hello,
I configure my Cisco devices by
aaa new-model
aaa authentication login group radiussrv local
The radiussrv group is configured and all is OK,
but all users authenticated by RADIUS have access to the shell. But I need to give Cisco shell access to only one group in AD... other groups are used for EasyVPN xauth.
How do I separate them?
02-19-2007 03:18 AM
Hi,
The required setting needs to be done on IAS.
On IOS, there's nothing much you can do.
HTH,
Kanishka
02-19-2007 03:31 AM
Well, I know this.
Can you help with it?
I have a strange situation - 2 IAS policies, one for the admin group in AD, the other for VPN users in AD... but the result is only authenticate or not... VPN users have access to the shell...
02-19-2007 03:41 AM
I am not sure if RADIUS can do this, but I am not an
expert with RADIUS.
This can be done with freeware TACACS very
easily through authorization. I've done it
many times myself.
David
CCIE Security