cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
422
Views
0
Helpful
3
Replies

ACS 3.3

nawas
Level 4
Level 4

I'm using ACS 3.3 and I'm trying to restrict telnet access to some subnets only. Is there any option in the ACS that can be accomplished with?

3 Replies 3

Jagdeep Gambhir
Level 10
Level 10

Hi Nawas,

You mean to restrict ONLY telnet access or you want to deny access using all modes like telnet, SSH, HTTP/s etc.

If you want to deny all modes to a specific AAA Clients, then you can use NAR's

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697095

Regards,

No, I want to allow some users to (5 users) to access telnet only to subnet like 10.9.x.x and 10.8.x.x. and other users to access everything.

Still the answer is NAR,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

You need to apply NAR on per user basis, for those 5 users, and nothing on rest of them.

Resulting, Rest of them will have full access.

And under IP based NAR for these 5 users on user basis, restrict them to subnet

Use Shared Profile component section,s NAF and NAR together, and then apply it on user level.

10.9.*.* (Create a NAF for this)

Port : *

Address : *

10.8.*.* (Create a NAF for this)

Port : *

Address : *

NAF : Available on 4.x, else if you have 3.x, then it depends on how you have created your NDG, else it depends on how you have created AAA clients on ACS, lots of combinations possible. To summarize it all.

You have to play with it.

Regards,

Prem

Regards,

Prem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: