Cisco Support Community
Community Member

Cisco ACS

Can anyone help with the following question?

How many NAS privilege passwords or users can be created via the Cisco ACS?

Can the users change their password for the next login? Must it be done on the ACS server, or? This provides sense to memorize the password. Please advise. Thanks.

Cisco Employee

Re: Cisco ACS

The number of users and corresponding passwords created on the internal Cisco ACS db is limited by the hard disk space of the server itself. It could easily handle 100,000 users as per:

For your second question, could you please clarify? If you are after the users being able to change their passwords themselves, you could do this with the UCP as in:

Cisco Employee

Re: Cisco ACS

Assign ACS ver 4.2 and to set up users with limited access to our switches and routers. Here is what to do?
1) Created a user in ACS
2) Create Shell Command Authorization Set - ReadOnly

          Unmatched Commands - Deny

          Commands Added



          * this should limit the user to the show and exit commands only (correct)?

3) Created a group - HelpDesk with the following TACACS+ Settings

          Shell (exec) is checked

          Privilege level is checked with 15 as the assigned level

          Assign a Shell Command Authorization Set for any network device - selected

          ReadOnly - shell command authorization set selected

When the user logs on to the router/switch it appears that he has full access.  He can enter the enable command, config terminal command, etc.  All we want him to be able to do is to issue the show command.
