CW - Security

Unanswered Question
Mar 24th, 2008

I have enabled RADIUS authentication. Now anyone can login to Ciscoworks. How can I limit it to only specfic users? How do I control Roles?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Mon, 03/24/2008 - 09:12

You can't. Simply enabling one of the authentication modules does not give you any control over roles, or any control over which accounts on the AAA server can login. Any account which does not have a corresponding CiscoWorks account will be granted Help Desk privileges. The only way to do centralized authentication with authorization is to integrate CiscoWorks with ACS. This integration will use TACACS+ as the underlying protocol, and will give you complete control over role customization.

phil.wightman Mon, 03/24/2008 - 09:46

Thank you for the explanation. If I have corresponding Local User account, I can then control the rolls. We are implementing ACS here soon so I will use that when it is available.

Thanks.

Joe Clarke Mon, 03/24/2008 - 09:47

If you have a corresponding local CiscoWorks account, then you can use the pre-defined CiscoWorks roles. However, with ACS, you get the ability to define your own roles on the ACS server.

Actions

This Discussion