setting access for one user

Unanswered Question
Apr 14th, 2008

Hi,

Our client has an ACS server and has implemented AAA for logging into switches and routers through ACS, which is configured with RADIUS. They can telnet into routers and switches as any user, but they want to set access for only one user. Can someone please tell me what I can do to solve this problem?

craig.eyre Tue, 04/15/2008 - 07:17

Hi,

If I understand this right, you have multiple users that can access the routers and switches right now but would like it so only 1 username has access?

If so, you could use NARS (network access restrictions) and deny access to everyone else but the one specific user.

Just select

1. Group Setup

2. Select the group which "already has" router switch access, edit the group settings

3. Then scroll down to the "per group defined network access restrictions". Enable it with a checkmark.

4. Select deny calling/point

5. AAA client = routers and switches (NDG)

6. Ports = *

7. Address = *

8. Hit enter and the new rule will be added to the window above.

9. Click submit (not submit and restart until you create the other NAR for the other group)

***Remember that groups that are mapped to an outside group (LDAP, AD) will be able to connect to your routers and switches UNLESS you tell the ACS not to. By default the ACS doesn't know not to let USER1 access the routers but not allow USER2.

That being said, you'll need to deny access to your routers and switches (network device group) to all groups that are not allowed to connect to those devices.

Click submit and restart, but remember this will stop authenticating users for the time it's restarting.

Hope this helps and feel free to ask any more questions.

Craig

Pls rate helpful posts.
