ACS For Network Devices With Restricted Access...

haarisalibaig
Level 1

Hi,

We have ACS 4.1 integrated with our AD, which is in use for our WLAN users (PEAP authentication & Easy VPN). We have configured our network devices to authenticate through ACS. The issue with the current setup is that any user who is accessing the WLAN or VPN can access my network devices. We want only certain users to access the network devices. How can we achieve this... does anyone have an idea... if my question is not clear please revert back to me...

Rgd,

Haaris

2 Replies

akemp
Level 5

Normally this type of question would be over in the security forum.

There are a myriad of ways to accomplish this task. Here's how I do it in my company:

For device telnet/ssh access (routers, switches, APs) we use TACACS+, while for remote access (WLAN, VPN, and terminal server) we use RADIUS. TACACS+ is more detailed in command logging, so that's why we have it for vty access.

We created AD groups for VPN; VPN and Wireless; VPN, wireless, and terminal server; Device access (level 7 for operators), and Device access (level 15) and associated mapped local groups on the AAA server cluster. We then assigned access permissions and command sets using the ACS server groups.

Now it's just a matter of assigning someone to the appropriate AD group to assign them to a network role.
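
The split described above, as an added example on the IOS side (not akemp's or Cisco's own configuration): TACACS+ handles vty login, exec authorization and command accounting, while a separate RADIUS method list is left for remote-access users. The server address, key and method-list names are assumptions. The part that actually closes the gap in the original question is the exec authorization line: without it, any account ACS can authenticate gets a shell, regardless of AD group. The ACS-side work (mapping AD groups to ACS groups and setting per-group shell exec privilege level and command sets) is done in the ACS GUI and is not shown here.

```cisco
! Assumed ACS server address and shared key; replace with your own
aaa new-model
tacacs-server host 10.0.0.5 key TACACS-KEY-PLACEHOLDER
radius-server host 10.0.0.5 auth-port 1645 acct-port 1646 key RADIUS-KEY-PLACEHOLDER

aaa group server tacacs+ ACS-TACACS
 server 10.0.0.5
aaa group server radius ACS-RADIUS
 server 10.0.0.5 auth-port 1645 acct-port 1646

! Device (vty) access: TACACS+ for login, exec authorization and command accounting
aaa authentication login VTY-AUTH group ACS-TACACS local
! Exec authorization is what enforces "only certain users": ACS must return
! a shell/exec permission (and privilege level) for the user's group, or
! the session is refused even though the password was correct
aaa authorization exec VTY-AUTHZ group ACS-TACACS local
aaa authorization commands 7 VTY-CMD group ACS-TACACS local
aaa authorization commands 15 VTY-CMD group ACS-TACACS local
aaa authorization config-commands
aaa accounting exec VTY-ACCT start-stop group ACS-TACACS
aaa accounting commands 15 VTY-ACCT start-stop group ACS-TACACS

! Remote access (e.g. Easy VPN on this router): RADIUS, separate method lists,
! so WLAN/VPN users are never evaluated against the vty lists
aaa authentication login VPN-AUTH group ACS-RADIUS
aaa authorization network VPN-AUTHZ group ACS-RADIUS

! Local fallback account used only if the ACS cluster is unreachable
username admin-fallback privilege 15 secret FALLBACK-PASSWORD-PLACEHOLDER

line vty 0 15
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 7 VTY-CMD
 authorization commands 15 VTY-CMD
 accounting exec VTY-ACCT
 accounting commands 15 VTY-ACCT
 transport input ssh
```

The `local` keyword at the end of each vty method list is reached only when no TACACS+ server responds, not when ACS rejects the user, so the fallback account does not weaken the AD-group control.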

Thanks a lot for your response... I will post my question on the Security Forum... If you have some documentation that would help me a lot.

Rgd,