
New Member

ACS 2.4 for NT

Hi everyone!!!

I'd like to know if it is possible for ACS to authenticate only LAN/WAN traffic.

In other words, whether I can configure access-list profiles and configure a specific user or group in ACS for them, or vice versa.

My scenario is as follows:

I have a separate network called the Engineering Network, where only a few users (Engineering guys) can access this environment. We started authorization for this network using only access-lists, but this architecture depends on static IP addresses on each machine that needs to get into this network, which is very hard to manage and does not provide good control (logging).

Any Ideas???

Thanks

Milton

1 REPLY
New Member

Re: ACS 2.4 for NT

Two things that I can think of for you to think about. You can use Authentication-Proxy, which is only triggered on HTTP traffic. This will allow for per-user access to the network by downloading an ACL from an AAA server. The other solution is to use lock and key, which will be triggered when the user telnets to the router and authenticates. Then they will be able to access the remote network and the telnet session will be dropped from the router.

Hope this helps...

Marcus
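
The lock-and-key option from the reply above, sketched as an IOS configuration. This is an added example, not part of either post; all addresses, the ACL number, the list names and the key are constructed placeholders, and TACACS+ toward the ACS server is an assumption.

```cisco
! Constructed example: every address, name and secret is a placeholder.
aaa new-model
! Logins are checked against the AAA server (assumed: TACACS+ to ACS),
! with a local account as fallback if the server is unreachable.
aaa authentication login LOCKKEY group tacacs+ local
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-SECRET>
username fallback-admin password <LOCAL-PASSWORD>
!
! Let users reach the router itself so they can authenticate.
access-list 110 permit tcp any host 10.0.0.1 eq telnet
! Template for the temporary entry. Nothing matches it until a user
! authenticates; 60 is the absolute lifetime in minutes.
access-list 110 dynamic ENG-ACCESS timeout 60 permit ip any 10.20.0.0 0.0.255.255
! Unauthenticated traffic to the Engineering network is dropped and
! logged, which gives the audit trail the static ACLs lacked.
access-list 110 deny ip any 10.20.0.0 0.0.255.255 log
access-list 110 permit ip any any
!
interface FastEthernet0/0
 description User-facing LAN (placeholder)
 ip address 10.0.0.1 255.255.255.0
 ip access-group 110 in
!
! vty 0-3: after login the router runs access-enable and drops the
! session. "host" limits the temporary entry to the source address that
! authenticated; without it the template's "any" source is opened.
! "timeout 10" is the idle timeout in minutes and should stay below the
! absolute timeout above.
line vty 0 3
 login authentication LOCKKEY
 autocommand access-enable host timeout 10
!
! vty 4: kept free of the autocommand so administrators can still get
! a shell. rotary 1 places it on TCP port 3001.
line vty 4
 login authentication LOCKKEY
 rotary 1
```

`show access-lists 110` lists the temporary entries currently open under the `ENG-ACCESS` template, each tied to the source host that authenticated.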
