cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
695
Views
5
Helpful
4
Replies

Authorization,Accounting for users.

estelamathew
Level 2
Level 2

Hello experts,

I m not much familar with ACS,I want to know other than authenticating user who are accessing routers or switches what else i can do for windows users (local corporate users )

for administrators and junior level engineers i have created authentication from the ACS but what about those who are not concern for login in routers and switches such as local corporate users,what authetication ,authorization ,and accounting i can do for them.

Thanks,

4 Replies 4

Jatin Katyal
Cisco Employee
Cisco Employee

Mathew,


Looks like you have tacacs in use.


For configuring limited access to network devices, I would suggest you to implement command authorization ( only supported by tacacs)


ACS Shell Command Authorization Sets on IOS Configuration Example

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#backinfo


In order to know who has ran whic command on the IOS, please go for command accounting ( again only supported by tacacs)


aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+


HTH

JK


Plz rate helpul posts-

~Jatin

hello friend ,

Well ok for the junior engineers ,but how ACS is useful for the corporate users which are not doing any IT related job for example: HR,Finnance,Resourcing,Admin,department,

i want to install ACS in university how useful it will be for universith students, I have a windows AD with Group policy flowing to each and every student,

What worth ACS will do for me in such type of scenario.

Thanks,

This is more of requirement/implementation question that should go to your internal team. However, I would suggest you that for those who are not doing any IT related job and you want to completely block them to use any network devices, you can configure NAR for them and for university student ACS can always server as wireless authentication validation. You can also use ACS to authenticate all internal users before they access internet. (adds more security).


Rgds,

JK


Do rate helpful posts-

~Jatin

Hello,

You can also use ACS to  authenticate all internal users before they access internet. (adds more  security).

This can be done by windows group poilicy,by not allowing access to internet ,why i shld require ACS,but How this can be acheive by ACS???

I would suggest you that for those  who are not doing any IT related job and you want to completely block  them to use any network devices, you can configure NAR

which network devices you mean to say??? when they dont have any password for routers and switches to access,what is the advantage of doing NAR on those users.

university student ACS can always serve as wireless authentication validation

Without the access point key nobody can access wirless access point for internet,but suppose if i allow wireless authentication through ACS for them i can do AAA for wireless users,How i can achieve this.????? pls mail me the steps or link.

I m very much new to ACS actually i dont know the benefits of this and how i can it be worth for such university and non IT related users, please guide me with FINAL STEPS  what i shld configure for NON IT related user

Thanks for ur support Jkatyal,and also having to be patient for my  question, i appreciate ur replies,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: