Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Restrict modem dialout with ACS

Hi ..

Using ACS I'm trying to limit reverse telnet access to a modem which will later be used by TTYredirector. I want the users to only have access to the modem. We are on 3.01 ACS (yeah I know old) ..

When I use the Network Access restrictions with device:2065:* (2065 being the line assigned port) i get service denied service=raccess tty65 in the Failed Attempts Log.

Do I need to add this service to the TACACS+ under Interface Config ? .. whats the params ? I tried just putting raccess in the new services which added a section under user/group depending on which i selected but nothing else.

on the router i have :

aaa authorization reverse-access default group tacacs+

Advice welcome, google has drawn a zero so far.

Paul

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Restrict modem dialout with ACS

Paul

Its not the NAR causing the problem - this would result in a "user filtered" message in the failed attempts.

Looks like the problem is that your group config doesnt authorise the raccess service.

Because this isnt a standard pre-defined service in ACS you'll need to goto sys config then tacacs+ (in ACS) and define a custom tacacs service. Call it "raccess". In the group setup you'll then be to enable it and set any attributes you may need.

Darran

2 REPLIES
Silver

Re: Restrict modem dialout with ACS

Paul

Its not the NAR causing the problem - this would result in a "user filtered" message in the failed attempts.

Looks like the problem is that your group config doesnt authorise the raccess service.

Because this isnt a standard pre-defined service in ACS you'll need to goto sys config then tacacs+ (in ACS) and define a custom tacacs service. Call it "raccess". In the group setup you'll then be to enable it and set any attributes you may need.

Darran

Community Member

Re: Restrict modem dialout with ACS

thank you .. this has got me 1 step further. i now have a NAR problem which I'll work through ..

161
Views
0
Helpful
2
Replies
CreatePlease to create content