Using 2 different profiles to telnet a 2600 Terminal Server through ACS

semehjamel · ‎09-25-2006

Hi,

I am using a 2600 router as a Terminal Server to give access for students to an INTRO and ICND LAB. The authentication is made through a TACACS+ server running the ACS v3.3. I am using the "menu" command and the "autocommand menu" command in the line vty, so that when the students telnet the Terminal server, they are prompted by the LAB menu. But I want to have a second profile (for the instructors) which give them the access directly to the user prompt of the Terminal server, bypassing the menu.

Thanks for answers !

semehjamel · ‎09-27-2006

Hi,

I've finaly solved the problem, and I give the solution here if anyone has to meet this requierment:

In the ACS, you must use 2 groups, one group for the instructors, and the other group for the students. In the Student group setting, you tick the "Shell (exec)" box and the "Auto command" box, adding the exec command you want to perform after students logged (in my case it's the "menu" command with the string "console" as a parameter).

In the instructors group you tick the "Shell (exec)" box only.

And the you will configure AAA authorization in order to permit the students to run the exec Automand, with the command (under line vty):

authorization exec LIST

where LIST is your authorization list.

The config of the Terminal Server (cisco 2600) and the view of the ACS is attached.

Bye !