Using ACS I'm trying to limit reverse telnet access to a modem which will later be used by TTYredirector. I want the users to only have access to the modem. We are on 3.01 ACS (yeah I know old) ..
When I use the Network Access restrictions with device:2065:* (2065 being the line assigned port) i get service denied service=raccess tty65 in the Failed Attempts Log.
Do I need to add this service to the TACACS+ under Interface Config ? .. whats the params ? I tried just putting raccess in the new services which added a section under user/group depending on which i selected but nothing else.
on the router i have :
aaa authorization reverse-access default group tacacs+
Advice welcome, google has drawn a zero so far.
Its not the NAR causing the problem - this would result in a "user filtered" message in the failed attempts.
Looks like the problem is that your group config doesnt authorise the raccess service.
Because this isnt a standard pre-defined service in ACS you'll need to goto sys config then tacacs+ (in ACS) and define a custom tacacs service. Call it "raccess". In the group setup you'll then be to enable it and set any attributes you may need.