New Member

ACS - allow only telnet access

Hi Experts,

Is there a way to allow user / group in the acs to access comm equipment with telnet only (not allowed to use ssh or http)?

many thanks

3 REPLIES
Bronze

Re: ACS - allow only telnet access

New Member

Re: ACS - allow only telnet access

But it's not answering the question how to allow only telnet access.

New Member

Re: ACS - allow only telnet access

There is no way that ACS can differentiate between a telnet or a ssh session. It can differentiate a http session from a telnet session, but if you block the http, the telnet will be blocked automatically. The workaround is to put restrictions on the IOS devices.

If you want users not to ssh to the IOS devices, then disable the ssh on the vty of the device (use the command transport input telnet on vty and this will enable only telnet on vty).

For http authentication there are 2 ways:

1) Point the http authentication to local database of the device and do not configure local username pass for all the users except for those you want to allow.

2) For the second method you need to configure the "aaa authorization exec default group tacacs local" command on the device, and in the ACS group check shell (exec) and under privilege level assign 2 privilege. Now users will not be able to http to the device but can telnet.

Hope this helps .

regards,

Jasjeet
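
One way to check a device for the settings described in the reply above, as an added example that is not part of the original thread: a Python script that reads a running-config and reports vty lines accepting anything other than telnet, and an enabled HTTP server that is not pointed at the local database (method 1). The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS running-config (not taken from the thread).
SAMPLE_CONFIG = """\
ip http server
ip http authentication local
line con 0
line vty 0 4
 transport input telnet
line vty 5 15
 transport input telnet ssh
"""

def vty_transports(config):
    """Map each 'line vty' header to the set of inbound transports it allows."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):          # a new top-level section begins
            current = line if line.startswith("line vty") else None
            if current:
                result[current] = None        # no 'transport input' seen yet
        elif current and line.strip().startswith("transport input"):
            result[current] = set(line.split()[2:])
    return result

def audit(config):
    """Return findings where the config departs from the telnet-only setup."""
    findings = []
    for header, transports in vty_transports(config).items():
        if transports is None:
            findings.append(f"{header}: no 'transport input' line, platform default applies")
        elif transports != {"telnet"}:
            findings.append(f"{header}: allows {' '.join(sorted(transports))}")
    # 'no ip http server' does not match because the pattern is anchored at line start.
    http_on = re.search(r"^ip http (secure-)?server$", config, re.M)
    if http_on and not re.search(r"^ip http authentication local$", config, re.M):
        findings.append("HTTP server enabled without 'ip http authentication local'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, only the second vty range is reported, because it still accepts ssh alongside telnet.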
