Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 3.3

I'm using ACS 3.3 and I'm trying to restrict telnet access to some subnets only. Is there any option in the ACS that can be accomplished with?

3 REPLIES

Re: ACS 3.3

Hi Nawas,

You mean to restrict ONLY telnet access or you want to deny access using all modes like telnet, SSH, HTTP/s etc.

If you want to deny all modes to a specific AAA Clients, then you can use NAR's

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697095

Regards,

New Member

Re: ACS 3.3

No, I want to allow some users to (5 users) to access telnet only to subnet like 10.9.x.x and 10.8.x.x. and other users to access everything.

Re: ACS 3.3

Still the answer is NAR,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

You need to apply NAR on per user basis, for those 5 users, and nothing on rest of them.

Resulting, Rest of them will have full access.

And under IP based NAR for these 5 users on user basis, restrict them to subnet

Use Shared Profile component section,s NAF and NAR together, and then apply it on user level.

10.9.*.* (Create a NAF for this)

Port : *

Address : *

10.8.*.* (Create a NAF for this)

Port : *

Address : *

NAF : Available on 4.x, else if you have 3.x, then it depends on how you have created your NDG, else it depends on how you have created AAA clients on ACS, lots of combinations possible. To summarize it all.

You have to play with it.

Regards,

Prem

Regards,

Prem

129
Views
0
Helpful
3
Replies
CreatePlease login to create content