Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 3.0 Authorization

Dear All:

I want restrict someone user can access inside ftp server but can't access inside telnet server by through authroization on ACS 3.0

In addtion to , I want to know ACS 3.0 can logging who login inside ftp server and who attemp to login inside telnet server

Thanks for you help

2 REPLIES
New Member

Re: ACS 3.0 Authorization

The approach you take depends somewhat on where the user is originating the request.

If they are dialing in, you can pass down an ACL from ACS.

aaa authentication ppp default group tacacs local

aaa authorization network default group tacacs local

If they are telnetting in from a router, then you can enable command authorization on the router:

aaa authentication login default group tacacs local

aaa authorization exec default group tacacs local

aaa authorization commands 1 default group tacacs local

aaa authorization commands 15 default group tacacs local

Then configure a command authorization set in ACS.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/c.htm#xtocid1001113

HTH

Jeff

New Member

Re: ACS 3.0 Authorization

Thank you for you reponse , But i would like to know about ACS Accounting, whetrher ACS 3.0 could logging service type (for example : telnet , ftp , pop3 ) when someone user access service form outside dialing

Thanks in advinces

84
Views
0
Helpful
2
Replies
CreatePlease to create content