ACS For Network Devices With Restricted Access...

Unanswered Question
Mar 26th, 2008

We have ACS 4.1 integrated with our AD, which is in use for our WLAN users (PEAP authentication and Easy VPN). We have configured our network devices to authenticate through ACS. The issue with the current setup is that any user who is accessing the WLAN or VPN can access my network devices. We want only certain users to access the network devices. How can we achieve this? Does anyone have an idea? If my question is not clear, please get back to me.



Wed, 03/26/2008 - 03:40

Normally this type of question would be over in the security forum.

There are a myriad of ways to accomplish this task. Here's how I do it in my company:

For device telnet/ssh access (routers, switches, APs) we use TACACS+, while for remote access (WLAN, VPN, and terminal server) we use RADIUS. TACACS+ is more detailed in command logging, so that's why we have it for vty access.

We created AD groups for VPN; VPN and wireless; VPN, wireless, and terminal server; device access (level 7 for operators); and device access (level 15), and associated mapped local groups on the AAA server cluster. We then assigned access permissions and command sets using the ACS server groups.

Now it's just a matter of assigning someone to the appropriate AD group to assign them to a network role.

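As an added example (not part of the original thread or of the answerer's own configuration), the following is the IOS side of the setup the answer describes: TACACS+ for vty access with separate authentication, authorization and accounting lists, and a local break-glass account for when the ACS cluster is unreachable. The server addresses, shared key, list names, account name and the `Loopback0` source interface are placeholders and assumptions, not values from the thread; the ACS side (AD group to ACS group mapping, Shell (exec) privilege and command sets) is done in the ACS GUI and is not shown here.

```ios
! --- Added example, not from the thread: TACACS+ AAA for device vty access ---
! Placeholders (assumptions): 10.0.0.10/11 are the ACS cluster members,
! ACS-KEY is the shared secret, list names and the account name are arbitrary.
aaa new-model
!
tacacs-server host 10.0.0.10 key ACS-KEY
tacacs-server host 10.0.0.11 key ACS-KEY
ip tacacs source-interface Loopback0
!
aaa group server tacacs+ ACS-TACACS
 server 10.0.0.10
 server 10.0.0.11
!
! Authentication answers "who are you". Any valid AD account passes this
! step, which is exactly the situation described in the question.
aaa authentication login VTY-AUTH group ACS-TACACS local
aaa authentication login CONSOLE local
aaa authentication enable default group ACS-TACACS enable
!
! Authorization answers "what may you do". The exec check is what closes the
! hole: ACS returns PASS only for ACS groups that have Shell (exec) enabled,
! so an AD user mapped only to a VPN/WLAN group gets no shell even though
! the password was accepted. Command authorization sends each command
! to ACS, where the per-group command sets are evaluated.
aaa authorization exec VTY-AUTHZ group ACS-TACACS local
aaa authorization commands 7 VTY-AUTHZ group ACS-TACACS local
aaa authorization commands 15 VTY-AUTHZ group ACS-TACACS local
!
! Accounting produces the per-command trail the answer refers to.
aaa accounting exec default start-stop group ACS-TACACS
aaa accounting commands 7 default start-stop group ACS-TACACS
aaa accounting commands 15 default start-stop group ACS-TACACS
!
! Local fallback account, consulted only when no TACACS+ server answers.
username breakglass privilege 15 secret <strong-password>
!
! Level-7 operators only see commands at their level or below; move the
! few privileged commands they need down to level 7 (one illustrative
! command, an assumption about the operator role).
privilege exec level 7 clear counters
!
line con 0
 login authentication CONSOLE
!
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 7 VTY-AUTHZ
 authorization commands 15 VTY-AUTHZ
 transport input ssh
```

Two practical points. First, the trailing `local` in each method list is only used when the TACACS+ servers do not respond; a user that ACS rejects does not fall through to the local account, so the break-glass account cannot be used to bypass ACS while the cluster is up. Second, on the ACS side the groups that VPN- and WLAN-only users map to (and the group used for unmapped or "unknown" AD users) must have Shell (exec) disabled, while the two device-access groups get Shell (exec) enabled with the privilege level set to 7 or 15, which lets those users land at their level without typing `enable`. Apply the vty lists with a second SSH session already open, and confirm the behaviour with `debug aaa authorization` while logging in as a VPN-only user: the login should fail at the exec authorization step, not at authentication.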
haarisalibaig Wed, 03/26/2008 - 05:24

Thanks a lot for your response. I will post my question on the Security Forum. If you have some documentation, that would help me a lot.
