Restrict modem dialout with ACS

Feb 20th, 2007

Hi ..

Using ACS I'm trying to limit reverse telnet access to a modem which will later be used by TTYredirector. I want the users to only have access to the modem. We are on 3.01 ACS (yeah I know old) ..

When I use the Network Access Restrictions with device:2065:* (2065 being the line assigned port) I get service denied service=raccess tty65 in the Failed Attempts Log.

Do I need to add this service to the TACACS+ under Interface Config? What are the params? I tried just putting raccess in the new services, which added a section under user/group depending on which I selected, but nothing else.

On the router I have:

aaa authorization reverse-access default group tacacs+

Advice welcome, google has drawn a zero so far.

Paul

Correct Answer
darpotter Tue, 02/20/2007 - 12:10

Paul

It's not the NAR causing the problem - this would result in a "user filtered" message in the failed attempts.

Looks like the problem is that your group config doesn't authorise the raccess service.

Because this isn't a standard pre-defined service in ACS you'll need to go to sys config then tacacs+ (in ACS) and define a custom tacacs service. Call it "raccess". In the group setup you'll then be able to enable it and set any attributes you may need.

Darran

pregan Wed, 02/21/2007 - 01:10

Thank you .. this has got me 1 step further. I now have a NAR problem which I'll work through ..
