ACS 3.3

Unanswered Question
May 30th, 2007

I'm using ACS 3.3 and I'm trying to restrict telnet access to some subnets only. Is there any option in the ACS that can be accomplished with?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nawas Wed, 05/30/2007 - 06:57

No, I want to allow some users to (5 users) to access telnet only to subnet like 10.9.x.x and 10.8.x.x. and other users to access everything.

Premdeep Banga Fri, 06/01/2007 - 16:55

Still the answer is NAR,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

You need to apply NAR on per user basis, for those 5 users, and nothing on rest of them.

Resulting, Rest of them will have full access.

And under IP based NAR for these 5 users on user basis, restrict them to subnet

Use Shared Profile component section,s NAF and NAR together, and then apply it on user level.

10.9.*.* (Create a NAF for this)

Port : *

Address : *

10.8.*.* (Create a NAF for this)

Port : *

Address : *

NAF : Available on 4.x, else if you have 3.x, then it depends on how you have created your NDG, else it depends on how you have created AAA clients on ACS, lots of combinations possible. To summarize it all.

You have to play with it.

Regards,

Prem

Regards,

Prem

Actions

This Discussion