Configured Nacs- how to restrict AAA client access by specified Password

networking11 · ‎02-25-2009

Hi all

i hav given the below config in AAA Client& added the Client in User,Group, the NAR is configured for all Clients ,

But my requirement is restrict AAA client access by specified Password

aaa new-model

aaa group server tacacs+ NACS_Group1

server 10.x.x.x

server 10.y.y.y

!

aaa authentication login default group NACS_Group1 local

aaa authentication enable default group NACS_Group1 enable

aaa authorization config-commands

aaa authorization exec default group NACS_Group1 if-authenticated

aaa authorization exec NACS_Group1 group tacacs+ local

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Report Inappropriate Content · ‎03-03-2009

You use the Network Access Restrictions table in the Advanced Settings area of User Setup to set NARs in three ways:

Apply existing shared NARs by name.

Define IP-based access restrictions to permit or deny user access to a specified AAA client or to specified ports on an AAA client when an IP connection has been established.

Define CLI/DNIS-based access restrictions to permit or deny user access based on the CLI/DNIS that is used.

Note: You can also use the CLI/DNIS-based access restrictions area to specify other values. See the Network Access Restrictions section for more information.