Cisco Support Community

New Member

ACS For Network Devices With Restricted Access...


We have ACS 4.1 integrated with our AD, which is in use for our WLAN users (PEAP authentication and Easy VPN). We have configured our network devices to authenticate through ACS. The issue with the current setup is that any user who can access the WLAN or VPN can also access my network devices. We want only certain users to access the network devices. How can we achieve this? Anyone have an idea? If my question is not clear, please revert back to me...




Re: ACS For Network Devices With Restricted Access...

Normally this type of question would be over in the security forum.

There are a myriad of ways to accomplish this task. Here's how I do it in my company:

For device telnet/SSH access (routers, switches, APs) we use TACACS+, while for remote access (WLAN, VPN, and terminal server) we use RADIUS. TACACS+ is more detailed in command logging, so that's why we have it for vty access.

We created AD groups for VPN; VPN and wireless; VPN, wireless, and terminal server; device access (level 7 for operators); and device access (level 15), and mapped them to local groups on the AAA server cluster. We then assigned access permissions and command sets using the ACS server groups.

Now it's just a matter of assigning someone to the appropriate AD group to assign them to a network role.
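As an added illustration of the device side of this design (not part of the reply above), here is an IOS AAA configuration that sends vty login, exec authorization and per-command authorization and accounting to TACACS+ while RADIUS is left for remote access. Server addresses, the shared key and the list names are placeholders; the ACS side (mapping the AD device-access groups to ACS groups and attaching a shell command authorization set) is done in the ACS web UI and is not shown here.

```text
! --- Added example, not from the original post. Placeholder addresses/keys. ---
aaa new-model
!
! TACACS+ server group used for device administration (ACS cluster)
aaa group server tacacs+ ACS-TACACS
 server 192.0.2.10
 server 192.0.2.11
tacacs-server host 192.0.2.10 key 7 <PLACEHOLDER-KEY>
tacacs-server host 192.0.2.11 key 7 <PLACEHOLDER-KEY>
!
! RADIUS server group used only for remote access (WLAN / VPN), not vty logins
aaa group server radius ACS-RADIUS
 server 192.0.2.10 auth-port 1645 acct-port 1646
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key 7 <PLACEHOLDER-KEY>
!
! Login: authenticate against TACACS+, fall back to the local database only if
! no ACS server answers (not if ACS rejects the user).
aaa authentication login VTY-AUTH group ACS-TACACS local
!
! Exec authorization is what actually restricts access: a user whose ACS group
! has no shell (exec) profile fails this step and is disconnected even though
! their AD password was valid. Without this line any WLAN/VPN user gets a shell.
aaa authorization exec VTY-AUTHZ group ACS-TACACS local
!
! Per-command authorization lets the ACS command set for the level 7 (operator)
! and level 15 groups decide which commands each role may run.
aaa authorization commands 7 VTY-AUTHZ group ACS-TACACS local
aaa authorization commands 15 VTY-AUTHZ group ACS-TACACS local
!
! Command accounting gives the detailed per-command log TACACS+ is chosen for.
aaa accounting exec default start-stop group ACS-TACACS
aaa accounting commands 7 default start-stop group ACS-TACACS
aaa accounting commands 15 default start-stop group ACS-TACACS
!
! Local emergency account, used only when ACS is unreachable.
username admin-local privilege 15 secret <PLACEHOLDER-PASSWORD>
enable secret <PLACEHOLDER-PASSWORD>
!
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 7 VTY-AUTHZ
 authorization commands 15 VTY-AUTHZ
 transport input ssh
```

After applying, verify from a second session with `test aaa group ACS-TACACS <user> <password> legacy` and `debug aaa authorization` that a WLAN-only AD account is rejected at the exec authorization step while a device-access account receives its privilege level.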

New Member

Re: ACS For Network Devices With Restricted Access...

Thanks a lot for your response...I will post my question on the Security Forum...If you have some documentation, that would help me a lot.