01-16-2012 08:18 AM - edited 03-10-2019 06:43 PM
Hello guys and girls!
We have an AccessServer ((Terminal Server) ( Cisco 2800 router)) , there is 10 more devices in our lab. We can reach all these devices via AccessServer, with reverse telnet configuration. (I'm talking about this connection).
We are using tacacs.net ( www.tacacs.net ) server. Authentication is working. Is it possible to do accounting and authorization, not just on access server, but on other devices too?
For example to prohibit commands : erase flash/format/debug all - on these devices?
Maybe anyone has accomplished these kind of configuration?
Any kind information is highly appreciated!
01-16-2012 02:14 PM
You could configure command authorization( normally all TACACS+ servers would support this) or you could assign privilege levels to commands & make it work. For Shel command authorization configuration, refer to this guide. For privilege level assignment, refer to this guide which also mentions supporting configuration for tacacs+ freeware servers (in addition to cisco acs server).
Hope this helps.
02-23-2012 06:55 AM
Ok. I have cisco ACS. Can somebody post exact configuration for reverse telnet ? Router configuration not the ACS or other TACACS/RADIUS server. How do you authorize reverse telnet connections?
With my configurations there is always an error ... "Authorization failed"
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: