I have a Cisco 2811 router with a HWIC-16A adapter. I would like to implement it for access to several firewalls and core switches / routers. However, I would like to provide separation of access to the firewalls and core routers and switches, i.e. user group 1 can only access firewalls, user group 2 only core devices, and user group 3 all connected devices.
Is it possible to do this through the use of TACACS+? If not, is it possible to do this using accounts directly on the 2811?
I have been thoroughly searching the forums and looking at the configuration options to find a solution, but have come up dry. I have a feeling that this is just something beyond capability, but it would be great to divide up user groups for access to various items through the "menu list" when connecting.
Thank you in advance for any guidance or assistance!
Yes, using Cisco ACS server. I'm stuck trying to find what links the different menu items to the user's ability to make a menu selection / execute the command specification of that menu item (telnet to xxx.xxx.xxx.xxx device).
I.e., how can I let group "admin" access all devices, while having a group "firewall" able to access all of the firewall resources, while allowing both types of users to log in to this particular router, but still preventing firewall from logging into any other router?
A brief example of the configuration options necessary to restrict this would be great. Is my confusion clear / is what I'm asking clear?
The 2811 that provides the terminal access through the HWIC-16A connections does not have any permissions management on board. However, I could use the ACS grouping and permissions system to require users to reauthenticate with the Cisco ACS server when they make a menu selection that ultimately redirects them to telnet to a device. They will then check permissions with the server when logging into that device, just as if they telnet to it from anywhere else?
I could then allow access to the 2811 but restrict what other commands they are able to execute in privileged mode?
I understand how Cisco ACS works - but I'm still not positive that I'm understanding how you imply I should associate it with my setup.
Remember - after connecting to the 2811, they make a selection to a menu item to connect via console to that device.