Using 2 different profiles to telnet a 2600 Terminal Server through ACS
I am using a 2600 router as a Terminal Server to give students access to an INTRO and ICND LAB. Authentication is done through a TACACS+ server running ACS v3.3. I am using the "menu" command and the "autocommand menu" command in the line vty, so that when the students telnet to the Terminal Server, they are presented with the LAB menu. But I want to have a second profile (for the instructors) which gives them access directly to the user prompt of the Terminal Server, bypassing the menu.
Re: Using 2 different profiles to telnet a 2600 Terminal Server
I've finally solved the problem, and I give the solution here in case anyone has to meet this requirement:
In the ACS, you must use 2 groups, one group for the instructors, and the other group for the students. In the Student group settings, you tick the "Shell (exec)" box and the "Auto command" box, adding the exec command you want to run after students have logged in (in my case it's the "menu" command with the string "console" as a parameter).
In the instructors group you tick the "Shell (exec)" box only.
And then you will configure AAA authorization in order to permit the students to run the exec autocommand, with the command (under line vty):
authorization exec LIST
where LIST is your authorization list.
The config of the Terminal Server (Cisco 2600) and the view of the ACS are attached.
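A sketch of the terminal-server side of the setup described in the reply above, as an added example and not the poster's attached config. The server address, shared key, menu entries and the removal of the line-level autocommand are assumptions; only the list name LIST, the menu name "console" and the `authorization exec LIST` line come from the post.

```cisco
! Added example: constructed values, not the poster's attached configuration.
aaa new-model
!
! TACACS+ server (ACS). Address and key are placeholders.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY>
!
! Login is authenticated by ACS, with a local account as fallback.
aaa authentication login default group tacacs+ local
!
! "LIST" is the exec authorization list named in the post. With only
! "group tacacs+" in the list, ACS decides what each shell session gets:
!   Student group:    service=shell plus autocmd=menu console
!   Instructor group: service=shell only (normal exec prompt)
aaa authorization exec LIST group tacacs+
!
! The lab menu, named "console" as in the post. Entries are constructed.
menu console title ^ INTRO / ICND LAB ^
menu console text 1 Router 1 console
menu console command 1 telnet 192.0.2.1 2001
menu console text 2 Router 2 console
menu console command 2 telnet 192.0.2.1 2002
menu console text e Log out
menu console command e exit
!
line vty 0 4
 ! Assumption: the line-level autocommand is removed, since it would
 ! run for every user on the line, instructors included.
 no autocommand
 login authentication default
 authorization exec LIST
```

With only `group tacacs+` in LIST, exec authorization on the vty lines fails while ACS is unreachable, so keep console access for recovery. A fallback method such as `if-authenticated` would instead give any authenticated user the exec prompt without the menu.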