03-24-2008 08:47 AM
I have enabled RADIUS authentication. Now anyone can login to Ciscoworks. How can I limit it to only specfic users? How do I control Roles?
03-24-2008 09:12 AM
You can't. Simply enabling one of the authentication modules does not give you any control over roles, or any control over which accounts on the AAA server can login. Any account which does not have a corresponding CiscoWorks account will be granted Help Desk privileges. The only way to do centralized authentication with authorization is to integrate CiscoWorks with ACS. This integration will use TACACS+ as the underlying protocol, and will give you complete control over role customization.
03-24-2008 09:46 AM
Thank you for the explanation. If I have corresponding Local User account, I can then control the rolls. We are implementing ACS here soon so I will use that when it is available.
Thanks.
03-24-2008 09:47 AM
If you have a corresponding local CiscoWorks account, then you can use the pre-defined CiscoWorks roles. However, with ACS, you get the ability to define your own roles on the ACS server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide