01-16-2012 08:18 AM - edited 03-10-2019 06:43 PM
Hello guys and girls!
We have an AccessServer (Terminal Server, a Cisco 2800 router), and there are 10 more devices in our lab. We can reach all these devices via the AccessServer, with a reverse telnet configuration. (I'm talking about this connection.)
We are using the tacacs.net ( www.tacacs.net ) server. Authentication is working. Is it possible to do accounting and authorization, not just on the access server, but on the other devices too?
For example, to prohibit commands such as erase flash/format/debug all on these devices?
Maybe someone has accomplished this kind of configuration?
Any kind of information is highly appreciated!
01-16-2012 02:14 PM
You could configure command authorization (normally all TACACS+ servers would support this) or you could assign privilege levels to commands and make it work. For shell command authorization configuration, refer to this guide. For privilege level assignment, refer to this guide, which also mentions supporting configuration for TACACS+ freeware servers (in addition to Cisco ACS server).
Hope this helps.
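
The command-authorization option mentioned in the reply above, sketched as an added example (not part of the original posts or the linked guides): an IOS AAA fragment to apply on each lab device whose commands should be authorized and logged. The server address 192.0.2.10, the shared secret and the local username are placeholders; the list of denied commands (erase, format, debug all) is defined on the TACACS+ server, not on the router.

```ios
! Constructed example: the address, key and username below are placeholders.
! Local account used only when the TACACS+ server is unreachable
username localadmin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
aaa new-model
tacacs-server host 192.0.2.10 key <SHARED-SECRET>
!
! Login: ask TACACS+ first, fall back to the local user database
aaa authentication login default group tacacs+ local
!
! Authorize the exec shell and every level 1 and level 15 command
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Send configuration-mode commands to the server as well
aaa authorization config-commands
!
! Authorization is not applied to the console line by default; sessions
! arriving through the access server land on the console port
aaa authorization console
!
! Accounting: record sessions and each command that was run
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Keep an existing privileged session open while applying this and confirm a second login works before saving, since a wrong key or server address otherwise leaves only the local fallback account.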
02-23-2012 06:55 AM
Ok. I have Cisco ACS. Can somebody post the exact configuration for reverse telnet? Router configuration, not the ACS or other TACACS/RADIUS server. How do you authorize reverse telnet connections?
With my configurations there is always an error ... "Authorization failed"