Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
2
Replies

Restrict modem dialout with ACS

Go to solution
pregan
Level 1
Level 1

‎02-20-2007 08:57 AM - edited ‎03-10-2019 02:59 PM

Hi ..

Using ACS I'm trying to limit reverse telnet access to a modem which will later be used by TTYredirector. I want the users to only have access to the modem. We are on 3.01 ACS (yeah I know old) ..

When I use the Network Access restrictions with device:2065:* (2065 being the line assigned port) i get service denied service=raccess tty65 in the Failed Attempts Log.

Do I need to add this service to the TACACS+ under Interface Config ? .. whats the params ? I tried just putting raccess in the new services which added a section under user/group depending on which i selected but nothing else.

on the router i have :

aaa authorization reverse-access default group tacacs+

Advice welcome, google has drawn a zero so far.

Paul

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
darpotter
Level 5
Level 5

‎02-20-2007 12:10 PM

Paul

Its not the NAR causing the problem - this would result in a "user filtered" message in the failed attempts.

Looks like the problem is that your group config doesnt authorise the raccess service.

Because this isnt a standard pre-defined service in ACS you'll need to goto sys config then tacacs+ (in ACS) and define a custom tacacs service. Call it "raccess". In the group setup you'll then be to enable it and set any attributes you may need.

Darran

View solution in original post

0 Helpful
2 Replies 2

Go to solution
darpotter
Level 5
Level 5

‎02-20-2007 12:10 PM

Paul

Its not the NAR causing the problem - this would result in a "user filtered" message in the failed attempts.

Looks like the problem is that your group config doesnt authorise the raccess service.

Because this isnt a standard pre-defined service in ACS you'll need to goto sys config then tacacs+ (in ACS) and define a custom tacacs service. Call it "raccess". In the group setup you'll then be to enable it and set any attributes you may need.

Darran

0 Helpful

Go to solution
pregan
Level 1
Level 1
In response to darpotter

‎02-21-2007 01:10 AM

thank you .. this has got me 1 step further. i now have a NAR problem which I'll work through ..

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents