12-14-2009 12:06 PM - edited 03-10-2019 04:50 PM
Hi !
I curently working of deploying ACS 5.1.0.44 to authenticate administrative session on our telecom devices. In version 4.2 I had the possibility to have in the log from wich IP address the administrative session is attempt. I had also able to permit or deny the administrative session base on the IP address of the administrative session request.
I can't find the equivalent parameter in version 5.1, someone can help me ? I find the location parameter what is probebly for this purpose, but I did not find where I assign the IP address with the location's name.
Also if someone have a better idea to limit the user used by CiscoWorks software for the CiscoWorks software only and denying any other software trying to use CiscoWorks credentials to make an attempt on any devices, and make sure when we see CiscoWorks credentials in the logs we can be sure the connection was made by CiscoWorks software on the device.
Thanks a lot !
12-15-2009 12:19 PM
Permit or deny the administrative session base on the IP address of the administrative session request is available on the following page:
System Administration > Administrators > Settings > Access
Can you please clarify what you mean by "log from wich IP address the administrative session is attempt". Audit log records include the IP address of the administrator session.
12-16-2009 03:39 AM
Hi !
this setting is for the administrative session to setup the ACS it-self, what I was asking for is for administrative session for the ACS server it-self. My question is about administrative session on AAA clients.
We are using CiscoWorks to managedour Cisco's telecom devices. CiscoWorks need user crendentials to open administrative session when we are use CiscoWork to deploy some changes on our networks. CiscoWorks need also user's crendential to pick-up a backup copy of the configuration, deploy new IOS and some other job deployment operation.
ACS solution was buyed the make more difficult to impersonate someone else in administrative session on our telecom devices. Actually because users crendentials are knowed by everyone in the team on this cannot be work in different manner, we would like to deny any administrative session try with CiscoWorks user's crendentials which are not came from CiscoWorks server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: