Cisco 2901 terminal server and restricting access

Unanswered Question
Apr 20th, 2011

I have a Cisco 2901 Terminal Server with AAA authentication via an ACS server.  I created two
accounts on the ACS server, cciesec2011 and vendor.  Both accounts can log into the Cisco
2901 Terminal Server without any issues.  By the way, I am NOT using AAA authorization on
the Cisco Terminal Server.  Once the cciesec2011 or vendor accounts are authenticated, these
accounts can access all the async lines on the Cisco Terminal Server.

Now I have a new requirement.  I would like cciesec2011, once this account is
successfully authenticated, to have access to ALL async lines on the Terminal
Server.  The "vendor" account, I want to restrict this account's access only to async
line 35 (there are 32 async lines available on the Cisco Terminal Server) and nothing
else.

How can I accomplish this without using AAA authorization on the Cisco Terminal Server?
Is it possible to use "privilege level" to accomplish this?  If so, how?

Thanks in advance.

cciesec2011 Fri, 04/22/2011 - 05:39

Of course, it can be done with ACS for autocommand, but AAA authorization is required.  In my original post, I was trying to avoid it.  How can it be done with the username on the ACS but AAA authorization local on the Cisco terminal server?

andrew.prince@m... Fri, 04/22/2011 - 11:38

Well AFAIK the router has to refer to the authorization for exec to the ACS for it to work.

Your other option is to just create a local user on the TS and refer the menu to the local db.

HTH

Posted April 20, 2011 at 10:46 AM