personalization of log and authentication parameter

Unanswered Question
Dec 14th, 2009

Hi !


I curently working of deploying ACS 5.1.0.44 to authenticate administrative session on our telecom devices.  In version 4.2 I had the possibility to have in the log from wich IP address the administrative session is attempt.  I had also able to permit or deny the administrative session base on the IP address of the administrative session request.


I can't find the equivalent parameter in version 5.1, someone can help me ?  I find the location parameter what is probebly for this purpose, but I did not find where I assign the IP address with the location's name.


Also if someone have a better idea to limit the user used by CiscoWorks software for the CiscoWorks software only and denying any other software trying to use CiscoWorks credentials to make an attempt on any devices, and make sure when we see CiscoWorks credentials in the logs we can be sure the connection was made by CiscoWorks software on the device.


Thanks a lot !

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jrabinow Tue, 12/15/2009 - 12:19

Permit or deny the administrative session base on the IP address of the administrative session request is available on the following page:

System Administration > Administrators > Settings > Access

Can you please clarify what you mean by "log from wich IP address the administrative session is attempt". Audit log records include the IP address of the administrator session.

xine xine Wed, 12/16/2009 - 03:39

Hi !


this setting is for the administrative session to setup the ACS it-self, what I was asking for is for administrative session for the ACS server it-self.  My question is about administrative session on AAA clients.


We are using CiscoWorks to managedour Cisco's telecom devices.  CiscoWorks need user crendentials to open administrative session when we are use CiscoWork to deploy some changes on our networks.  CiscoWorks need also user's crendential to pick-up a backup copy of the configuration, deploy new IOS and some other job deployment operation.


ACS solution was buyed the make more difficult to impersonate someone else in administrative session on our telecom devices.   Actually because users crendentials are knowed by everyone in the team on this cannot be work in different manner, we would like to deny any administrative session try with CiscoWorks user's crendentials which are not came from CiscoWorks server.

Actions

This Discussion