New Member

Access Control Server authentication restriction

Hi!

I have to set up our ACS to authenticate all administrative sessions on our telecom devices. Based on our security policies, all users need to be authenticated by a secured password and also a second component like a security token or something else... At this point this is OK: I see the ACS can work with external user databases which can use OTP or security tokens.

My concern is about our users' management software, CiscoWorks. Because the CiscoWorks software uses its user credentials to run most management jobs on telecom devices, its user must be able to be authenticated by the ACS. For the second authentication factor, I would like to use the source IP address of the request (I know it's a very basic security feature, but I think it's the first step... we are not using any certificate server...). The CiscoWorks user must not be used from any IP address other than that of the CiscoWorks server... which in some parts of the network may be NATed by firewalls... I would like to know if the source of the request is also transmitted to the ACS and how I can make sure the authentication request came from the CiscoWorks server IP address.

I use the ACS SE software version at this time... because version 5 doesn't support token authentication...

Thanks a lot!

New Member

Re: Access Control Server authentication restriction


The AAA client, which in this case is CISCOWORKS, always sends the IP address information.

The restriction that you want to accomplish can be done with a NAR.

Please see the link below that explains this feature.

Hope it helps.
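The source-address check discussed in this thread, as an added example that is not from either post and is not Cisco's code. It assumes the devices use TACACS+ toward the ACS, where the session's source address travels in the `rem_addr` field of the authentication START body (RFC 8907, section 5.1); the account names, addresses, `NAR` table and `nar_permits` function are constructed for illustration and only model a permit-style IP filter.

```python
import ipaddress
import struct

def build_start(user, port, rem_addr):
    """Build a constructed, unobfuscated authentication START body for the demo."""
    u, p, r = (s.encode("utf-8") for s in (user, port, rem_addr))
    # action=LOGIN(1), priv_lvl=15, authen_type=ASCII(1), authen_service=LOGIN(1), no data
    return struct.pack("!8B", 1, 15, 1, 1, len(u), len(p), len(r), 0) + u + p + r

def parse_start(body):
    """Extract user, port and rem_addr from a START body (RFC 8907 section 5.1)."""
    if len(body) < 8:
        raise ValueError("body shorter than the 8 fixed bytes")
    user_len, port_len, rem_len, data_len = struct.unpack("!4B", body[4:8])
    if len(body) != 8 + user_len + port_len + rem_len + data_len:
        raise ValueError("length fields do not match the body size")
    fields, off = {}, 8
    for name, n in (("user", user_len), ("port", port_len), ("rem_addr", rem_len)):
        fields[name] = body[off:off + n].decode("utf-8")
        off += n
    return fields

def nar_permits(nar, aaa_client, fields):
    """Hypothetical model of a permit-style IP filter: (AAA client, port, source network)."""
    entries = nar.get(fields["user"])
    if entries is None:
        return True            # no restriction defined for this user
    try:
        src = ipaddress.ip_address(fields["rem_addr"])
    except ValueError:
        return False           # empty or non-IP rem_addr cannot match an IP filter
    for client, port, network in entries:
        if (client in ("*", aaa_client) and port in ("*", fields["port"])
                and src in ipaddress.ip_network(network)):
            return True
    return False

# Constructed policy: the hypothetical account "cwadmin" is valid only from 192.0.2.10.
NAR = {"cwadmin": [("*", "*", "192.0.2.10/32")]}

def check(user, rem_addr, aaa_client="198.51.100.1", port="tty1"):
    return nar_permits(NAR, aaa_client, parse_start(build_start(user, port, rem_addr)))

if __name__ == "__main__":
    for user, addr in (("cwadmin", "192.0.2.10"), ("cwadmin", "203.0.113.5"),
                       ("cwadmin", ""), ("operator", "203.0.113.5")):
        print(user, addr or "<empty>", "permit" if check(user, addr) else "deny")
```

Where a firewall translates the management server's address, the device reports the translated address it sees, so the filter has to list that address for those devices.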