Cisco Support Community

New Member

How can Tacacs+ be used to control very specific CiscoWorks 2k access?

I'm well aware how to control local users in CW2K with Roles. What about on the Tacacs+ server? In CiscoSecure ACS, I am not aware of any specific CW2K security settings. All info appreciated!

URL would be great!

4 REPLIES
Blue

Re: How can Tacacs+ be used to control very specific CiscoWorks

See http://www/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/5steditn/gs_guide/setup.htm which has a section on 'Using the Pluggable Authentication Modules' and has steps on how to set this up with CW2K.

New Member

Re: How can Tacacs+ be used to control very specific CiscoWorks

Thanks for the response.

However, I do know how to set up the "New Login Module" for Tacacs+. I am familiar with how CiscoWorks 2K can borrow the security from a Tacacs server.

My question remains:

How do I set up and control VERY specific user access with the Tacacs+ plugin from a Tacacs server on CW2K?

Example: The above is all installed with the Tacacs plugin. Joe logs into CiscoWorks, and is authenticated via the Tacacs server. Later Fred logs into CiscoWorks, also authenticated via the Tacacs server.

How, very specific steps, do I ensure Joe is only a CW2K helpdesk user, but Fred can do advanced CW2K features, edit ACL, config editor, etc.?

Again, I know exactly how to do these steps with local CW2K users, but how precisely do I do this with a Tacacs server?

URL great, if it exists.

Thanks!!!!

New Member

Re: How can Tacacs+ be used to control very specific CiscoWorks

You will use the TACACS+ server to provide authentication; however, CiscoWorks will continue to provide authorization for the users. In other words, create a local account with network administrator rights called "Fred" and create a local account with help desk rights called "Joe". When either of the users logs into CiscoWorks, the TACACS+ server will authenticate their password. However, the accounts will be assigned access based on the local user account of the same name. If you do not specify a local account, but the TACACS+ account exists, the user will be given access to CiscoWorks with help desk rights.

I hope this helps.

Blue

Re: How can Tacacs+ be used to control very specific CiscoWorks

TACACS+ will give you only the authentication; the user roles still need to be created and managed in the local CW2K database via Server configuration.
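The split described in the last two replies (TACACS+ authenticates, the local account of the same name sets the role, no local account means help desk rights) can be checked offline by comparing the two user lists. This is an added example, not part of the thread and not Cisco code: the function names, role labels and sample accounts are constructed, and exact (case-sensitive) name matching is an assumption.

```python
HELP_DESK = "Help Desk"  # fallback role named in the thread


def effective_role(user, tacacs_users, local_roles):
    """Role a login would receive, or None when TACACS+ has no such account."""
    if user not in tacacs_users:
        return None  # nothing authenticates the password
    # Authorization comes from the local account of the same name;
    # without one, the thread says the user lands on help desk rights.
    return local_roles.get(user, HELP_DESK)


def audit(tacacs_users, local_roles):
    """Compare a TACACS+ user export with the local CiscoWorks role table."""
    tacacs, local = set(tacacs_users), set(local_roles)
    implicit = sorted(tacacs - local)   # log in with default help desk rights
    orphaned = sorted(local - tacacs)   # role defined, no TACACS+ account
    # Names that differ only by case: likely a typo that silently downgrades
    # (or fails to grant) a role. Assumes matching is exact.
    near_miss = [(t, l) for t in implicit for l in orphaned
                 if t.lower() == l.lower()]
    return {"implicit_help_desk": implicit,
            "no_tacacs_account": orphaned,
            "case_mismatch": near_miss}


# Constructed sample data for illustration only.
SAMPLE_TACACS = ["Joe", "Fred", "alice", "bob"]
SAMPLE_LOCAL = {
    "Joe": "Help Desk",
    "Fred": "Network Administrator",
    "Alice": "Network Administrator",
    "carol": "Network Administrator",
}

if __name__ == "__main__":
    for name in SAMPLE_TACACS + ["carol"]:
        print(name, "->", effective_role(name, SAMPLE_TACACS, SAMPLE_LOCAL))
    for finding, names in audit(SAMPLE_TACACS, SAMPLE_LOCAL).items():
        print(finding, names)
```

The `implicit_help_desk` list is the one to review regularly, since every TACACS+ account on it can log into CiscoWorks without anyone having created it there.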
