
setting access for one user

skeaf1980
Level 1

Hi,

Our client has an ACS server and has implemented AAA for logging into switches and routers through ACS, which is configured for RADIUS. They can telnet into the routers and switches as any user, but they want to allow access for only one user. Can someone please tell me what I can do to solve this problem?

1 Reply

craig.eyre
Level 1

Hi,

If I understand this right, you have multiple users that can access the routers and switches right now but would like it so only 1 username has access?

If so, you could use NARs (Network Access Restrictions) and deny access to everyone else but the one specific user.

Just select

1. Group Setup

2. Select the group which "already has" router switch access, edit the group settings

3. Then scroll down to the "per group defined network access restrictions". Enable it with a checkmark.

4. Select deny calling/point

5. AAA client = routers and switches (NDG)

6. Ports = *

7. Address = *

8. Hit enter and the new rule will be added to the window above.

9. Click submit (not submit and restart until you create the other NAR for the other group)

***Remember that groups that are mapped to an outside group (LDAP, AD) will be able to connect to your routers and switches UNLESS you tell the ACS not to. By default the ACS doesn't know not to let USER1 access the routers but not allow USER2.

That being said, you'll need to deny access to your routers and switches (network device group) to all groups that are not allowed to connect to those devices.

Click submit and restart, but remember this will stop authenticating users for the time it's restarting.

Hope this helps and feel free to ask any more questions.

Craig

Pls rate helpful posts.
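
Added example, not part of the original posts and not ACS code: a simplified Python model of the per-group deny rule from the steps above, used to list the groups that would still be let onto the device group because no matching deny NAR exists for them. The group names, the NDG name `Routers-Switches`, the sample port and address, and the data layout are all assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: ACS group name -> list of "deny calling/point"
# NAR rules as (AAA client or NDG, port, address). This layout is an
# assumption made for the example, not an ACS export format.
GROUPS = {
    "NetAdmins":      [],                              # holds the one permitted user
    "Helpdesk":       [("Routers-Switches", "*", "*")],
    "AD-DomainUsers": [],                              # mapped external group, no NAR yet
    "VPN-Users":      [("Firewalls", "*", "*")],       # NAR targets a different NDG
}


def is_denied(rules, ndg, port, address):
    """True if any deny rule matches this AAA client/NDG, port and address."""
    return any(
        client == ndg and fnmatchcase(port, p) and fnmatchcase(address, a)
        for client, p, a in rules
    )


def groups_still_permitted(groups, ndg, port="1", address="192.0.2.10"):
    """Groups whose members would still pass the NAR check for this NDG.

    The default port and address are constructed sample values.
    """
    return sorted(
        name for name, rules in groups.items()
        if not is_denied(rules, ndg, port, address)
    )


def audit(groups, ndg, allowed_group):
    """Groups other than the intended one that lack a matching deny NAR."""
    return [g for g in groups_still_permitted(groups, ndg) if g != allowed_group]


if __name__ == "__main__":
    for name in audit(GROUPS, "Routers-Switches", "NetAdmins"):
        print(f"group {name!r} can still reach Routers-Switches: add a deny NAR")
```
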
