how to write ACL to allow only management Server for ACS server?

Dear All,

Please guide me: how can I write an ACL to block all other subnets except the management server or the management VLAN for the ACS server?

The ACS server is connected to the core switch. The core switch has VLANs 192.168.3.0 - 8.0. The network management VLAN is 192.168.2.0, the ACS server IP is 192.168.2.17, and the management server IP is 192.168.2.16.

Accepted Solution

agapitca19
Level 1

Hi,

If you want certain IP address(es) to manage ACS, you can do this in ACS by going to System Administration > Administrators > Settings > Access, selecting "Allow only listed IP addresses to connect", then Create, and putting in the IP address(es) that are permitted.

HTH,

***Please rate and mark the comment correct if you find it helpful. Thanks.***

4 Replies


We have ACS version 4.2; I don't know whether this option is available or not. I will update you tomorrow. Meanwhile, if you can tell me, can we block access using an ACL?

Thank you for your great reply, it works; now I can access only from the management server,

but the problem is it's showing "Invalid administrator connection" from another subnet. Is there any way to block it with an ACL so the traffic won't reach the interface?

Wow, tight security policy.

1. On the switch where the SVI/VLAN interface of the other subnet that you don't want to talk to the Secure ACS server is, create an extended access list.

    ip access-list extended [acl name or number]

    deny ip 192.168.3.0 [wildcard mask] host 192.168.2.17

    permit ip any any

2. Apply the ACL you created in step 1 inbound to the SVI/VLAN interface of the other subnet. For example, it is on SVI/VLAN interface 7.

     interface vlan 7

     ip access-group [acl name or number] in

3. wr mem

4. Just repeat the same steps above for the other subnets that you don't want to communicate with the Secure ACS server.

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks.***
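The steps above carried through for the whole topology in this thread, as an added example that is not from the original reply: one named ACL reused on every user-VLAN SVI instead of one ACL per VLAN. It assumes VLANs 3 to 8 are 192.168.3.0/24 through 192.168.8.0/24 (wildcard 0.0.0.255; the reply leaves the mask as a placeholder), and the RADIUS exception for a device at 192.168.4.254 is hypothetical.

```cisco
! Added worked example, not the original poster's configuration.
! Assumed topology: ACS 192.168.2.17, management server 192.168.2.16,
! user VLANs 3-8 as 192.168.3.0/24 .. 192.168.8.0/24 (mask is an assumption).
configure terminal
ip access-list extended BLOCK-ACS-MGMT
 remark Only the mgmt VLAN (2) may reach ACS; the denies cover VLANs 3-8
 remark Hypothetical exception: a network device in VLAN 4 that sends RADIUS
 remark to ACS must be permitted above the deny or its authentications fail
 permit udp host 192.168.4.254 host 192.168.2.17 eq 1812
 permit udp host 192.168.4.254 host 192.168.2.17 eq 1813
 deny   ip 192.168.3.0 0.0.0.255 host 192.168.2.17 log
 deny   ip 192.168.4.0 0.0.0.255 host 192.168.2.17 log
 deny   ip 192.168.5.0 0.0.0.255 host 192.168.2.17 log
 deny   ip 192.168.6.0 0.0.0.255 host 192.168.2.17 log
 deny   ip 192.168.7.0 0.0.0.255 host 192.168.2.17 log
 deny   ip 192.168.8.0 0.0.0.255 host 192.168.2.17 log
 permit ip any any
!
! Apply inbound on the SVIs of the blocked subnets, so the packets are
! dropped at their first hop and never reach the ACS interface.
interface range vlan 3 - 8
 ip access-group BLOCK-ACS-MGMT in
!
end
write memory
!
! Verification: the hit counters on the deny lines show blocked attempts,
! and the "log" keyword emits a syslog entry per matched flow.
show ip access-lists BLOCK-ACS-MGMT
```

This ACL only filters VLANs 3 to 8; other hosts on the management VLAN itself are still restricted only by the ACS allowed-address list from the accepted answer, so keep both in place.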
