Configured Nacs- how to restrict AAA client access by specified Password

Unanswered Question
Feb 25th, 2009

Hi all

i hav given the below config in AAA Client& added the Client in User,Group, the NAR is configured for all Clients ,

But my requirement is restrict AAA client access by specified Password



aaa new-model

aaa group server tacacs+ NACS_Group1

server 10.x.x.x

server 10.y.y.y

!

aaa authentication login default group NACS_Group1 local

aaa authentication enable default group NACS_Group1 enable

aaa authorization config-commands

aaa authorization exec default group NACS_Group1 if-authenticated

aaa authorization exec NACS_Group1 group tacacs+ local

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Tue, 03/03/2009 - 14:32

You use the Network Access Restrictions table in the Advanced Settings area of User Setup to set NARs in three ways:


Apply existing shared NARs by name.


Define IP-based access restrictions to permit or deny user access to a specified AAA client or to specified ports on an AAA client when an IP connection has been established.


Define CLI/DNIS-based access restrictions to permit or deny user access based on the CLI/DNIS that is used.


Note: You can also use the CLI/DNIS-based access restrictions area to specify other values. See the Network Access Restrictions section for more information.



Actions

This Discussion