Cisco Support Community
New Member

how to write ACL to allow only management Server for ACS server?

Dear All

Please guide me on how I can write an ACL to block all other subnets except the management server or mgmt VLAN for the ACS server?

The ACS server is connected to the core switch. The core switch has VLANs 192.168.3.0 - 8.0; the network management VLAN is 192.168.2.0. The ACS server IP is 192.168.2.17 and the management server IP is 192.168.2.16.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Hi,

If you want only certain IP address(es) to manage ACS, you can do this in ACS by going to System Administration > Administrators > Settings > Access, selecting "Allow only listed IP addresses to connect" > Create, and entering the IP address(es) that are permitted.

HTH,

***Please rate and mark the comment correct if you find it helpful. Thanks.***

4 REPLIES
New Member

We have ACS version 4.2; I don't know whether this option is available or not. I will update you tomorrow. Meanwhile, can you tell me whether we can block access using an ACL?

New Member

Thank you for your great reply, it works; now access is only possible from the management server.

But the problem is that it is showing "Invalid administrator connection" from the other subnets. Is there any way to block this with an ACL so the traffic won't reach the interface?

New Member

wow tight security policy.

1. On the switch where the SVI/VLAN interface of the other subnet (the one you don't want talking to the Secure ACS server) is configured, create an extended access list.

    ip access-list extended [acl name or number]

    deny ip 192.168.3.0 [wildcard mask] host 192.168.2.17

    permit ip any any

2. Apply the ACL you created in step 1 inbound on the SVI/VLAN interface of the other subnet. For example, if it is on SVI/VLAN interface 7:

     interface vlan 7

     ip access-group [acl name or number] in

3. wr mem

4. Just repeat the same steps above for the other subnets that you don't want to communicate with the Secure ACS server.

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks.***
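Putting the four steps above together for the numbers given in the question, as an added example that is not part of the original thread: it assumes each user VLAN is a /24 (wildcard 0.0.0.255), that VLANs 3 through 8 on the core switch carry 192.168.3.0/24 through 192.168.8.0/24, and uses hypothetical ACL names (BLOCK-ACS-VLAN3 and so on). The wildcard mask, the VLAN-to-subnet mapping and the ACL names were not stated on the page.

```cisco
! Added example, not from the thread. Assumptions: user VLANs 3-8 are
! 192.168.3.0/24 .. 192.168.8.0/24 (wildcard 0.0.0.255) on SVIs Vlan3..Vlan8
! of the core switch; ACL names BLOCK-ACS-VLANx are hypothetical.
! ACS server (from the question): 192.168.2.17 on management VLAN 2.
!
! Step 1: one extended ACL per user VLAN. The deny matches only packets whose
! destination is the ACS host; "permit ip any any" keeps every other flow from
! that VLAN working (without it the ACL's implicit deny would drop everything).
ip access-list extended BLOCK-ACS-VLAN3
 deny   ip 192.168.3.0 0.0.0.255 host 192.168.2.17
 permit ip any any
!
ip access-list extended BLOCK-ACS-VLAN4
 deny   ip 192.168.4.0 0.0.0.255 host 192.168.2.17
 permit ip any any
!
ip access-list extended BLOCK-ACS-VLAN5
 deny   ip 192.168.5.0 0.0.0.255 host 192.168.2.17
 permit ip any any
!
ip access-list extended BLOCK-ACS-VLAN6
 deny   ip 192.168.6.0 0.0.0.255 host 192.168.2.17
 permit ip any any
!
ip access-list extended BLOCK-ACS-VLAN7
 deny   ip 192.168.7.0 0.0.0.255 host 192.168.2.17
 permit ip any any
!
ip access-list extended BLOCK-ACS-VLAN8
 deny   ip 192.168.8.0 0.0.0.255 host 192.168.2.17
 permit ip any any
!
! Step 2: apply each ACL inbound on the SVI of the VLAN it was written for, so
! the packets are dropped as they enter the switch from that VLAN and never
! reach the ACS server's interface (no "Invalid administrator connection" log).
interface Vlan3
 ip access-group BLOCK-ACS-VLAN3 in
!
interface Vlan4
 ip access-group BLOCK-ACS-VLAN4 in
!
interface Vlan5
 ip access-group BLOCK-ACS-VLAN5 in
!
interface Vlan6
 ip access-group BLOCK-ACS-VLAN6 in
!
interface Vlan7
 ip access-group BLOCK-ACS-VLAN7 in
!
interface Vlan8
 ip access-group BLOCK-ACS-VLAN8 in
!
! Step 3: save the running configuration.
end
wr mem
!
! Verification: the deny line's match counter should increase when a host on
! VLAN 3 tries to reach 192.168.2.17, and the SVI should show the ACL applied
! inbound. The management server (192.168.2.16) is unaffected because no ACL
! is applied to Vlan2 and it sits on the same subnet as the ACS server.
show ip access-lists BLOCK-ACS-VLAN3
show ip interface Vlan3 | include access list
```

Two points worth checking before rolling this out: the deny is scoped to a single destination host, so nothing else on the user VLANs changes, and because the management server and the ACS server share 192.168.2.0, their traffic never crosses a routed SVI and cannot be caught by these ACLs. If a VLAN uses a mask other than /24, adjust the wildcard on its deny line accordingly.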
