05-10-2010 11:55 PM - edited 03-10-2019 05:07 PM
Hello experts,
I'm not very familiar with ACS. I want to know, other than authenticating users who are accessing routers or switches, what else I can do for Windows users (local corporate users).
For administrators and junior-level engineers I have created authentication from the ACS, but what about those who are not concerned with logging in to routers and switches, such as local corporate users? What authentication, authorization, and accounting can I do for them?
Thanks,
05-11-2010 06:30 AM
Mathew,
Looks like you have TACACS in use.
For configuring limited access to network devices, I would suggest you implement command authorization (only supported by TACACS).
ACS Shell Command Authorization Sets on IOS Configuration Example
In order to know who has run which command on the IOS, please go for command accounting (again, only supported by TACACS):
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
HTH
JK
Please rate helpful posts-
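Added example, not part of the post above or of Cisco's documentation: an IOS sketch that pairs the accounting lines from the post with the command authorization it recommends, plus a local fallback so an unreachable ACS does not lock administrators out. The server address 192.0.2.10, the `<shared-secret>` and `<local-secret>` placeholders, and the `fallback-admin` username are assumptions.

```cisco
! Added example: values in <...>, the server address and the local
! username are placeholders, not taken from the thread.
aaa new-model
!
! ACS server reached over TACACS+ (documentation address, assumed)
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Local account used only when the TACACS+ server does not respond
username fallback-admin privilege 15 secret <local-secret>
!
! Login: ask ACS first, fall back to the local database on no response
aaa authentication login default group tacacs+ local
!
! Authorization: ACS decides whether a shell is granted and which
! commands are permitted (per the shell command authorization set)
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Also send configuration-mode commands to ACS for authorization
aaa authorization config-commands
!
! Accounting: the lines from the post, recording sessions and commands
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Keep the existing session open and verify login and a permitted command from a second session before saving the configuration. The `local` keyword is consulted only when the server fails to answer, not when ACS rejects the request.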
05-11-2010 08:17 AM
Hello friend,
Well, OK for the junior engineers, but how is ACS useful for the corporate users who are not doing any IT-related job, for example HR, Finance, Resourcing, and Admin departments?
I want to install ACS in a university. How useful will it be for university students? I have a Windows AD with Group Policy flowing to each and every student.
What worth will ACS have for me in this type of scenario?
Thanks,
05-12-2010 04:45 AM
This is more of a requirement/implementation question that should go to your internal team. However, I would suggest that for those who are not doing any IT-related job and whom you want to completely block from using any network devices, you can configure NAR for them, and for university students ACS can always serve as wireless authentication validation. You can also use ACS to authenticate all internal users before they access the internet (adds more security).
Rgds,
JK
Do rate helpful posts-
05-21-2010 12:29 AM
Hello,
You can also use ACS to authenticate all internal users before they access internet. (adds more security).
This can be done by Windows Group Policy, by not allowing access to the internet, so why should I require ACS? But how can this be achieved by ACS?
I would suggest you that for those who are not doing any IT related job and you want to completely block them to use any network devices, you can configure NAR
Which network devices do you mean? When they don't have any password to access routers and switches, what is the advantage of doing NAR on those users?
university student ACS can always serve as wireless authentication validation
Without the access point key nobody can access the wireless access point for internet, but suppose I allow wireless authentication through ACS for them, I can do AAA for wireless users. How can I achieve this? Please mail me the steps or a link.
I'm very new to ACS; actually I don't know the benefits of this or how it can be worthwhile for such university and non-IT-related users. Please guide me with FINAL STEPS on what I should configure for non-IT-related users.
Thanks for your support, Jkatyal, and also for being patient with my questions. I appreciate your replies.