Joe Clarke Mon, 03/24/2008 - 09:12

You can't. Simply enabling one of the authentication modules does not give you any control over roles, or any control over which accounts on the AAA server can log in. Any account which does not have a corresponding CiscoWorks account will be granted Help Desk privileges. The only way to do centralized authentication with authorization is to integrate CiscoWorks with ACS. This integration will use TACACS+ as the underlying protocol, and will give you complete control over role customization.

phil.wightman Mon, 03/24/2008 - 09:46

Thank you for the explanation. If I have a corresponding Local User account, I can then control the roles. We are implementing ACS here soon so I will use that when it is available.


Joe Clarke Mon, 03/24/2008 - 09:47

If you have a corresponding local CiscoWorks account, then you can use the pre-defined CiscoWorks roles. However, with ACS, you get the ability to define your own roles on the ACS server.


