Cisco ACS

danny_ng
Level 1

Can anyone help with the following question?

How many NAS privilege passwords or users can be created via the Cisco ACS?

Can the users change their password for the next login? Must they do it on the ACS server, or? This provides sense to memorize the password. Please advise. Thanks.

2 Replies

cjacinto
Cisco Employee

The number of users and corresponding passwords created on the internal Cisco ACS db is limited by the hard disk space of the server itself. It could easily handle 100,000 users as per:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/z.htm#xtocid1276317

For your second question, could you pls clarify? If you are after the users being able to change their passwords themselves, you could do this with the UCP as in:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/ucp30.htm

Assign ACS ver 4.2 and to setup users with limited access to our switches and routers. Here is what to do?
1) Created a user in ACS
2) Create Shell Command Authorization Set - ReadOnly

          Unmatched Commands - Deny

          Commands Added

               show

               exit

          * this should limit the user to the show and exit commands only (correct)?

3) Created a group - HelpDesk with the following TACACS+ Settings

          Shell (exec) is checked

          Privilege level is checked with 15 as the assigned level

          Assign a Shell Command Authorization Set for any network device - selected

          ReadOnly - shell command authorization set selected

When the user logs on to the router/switch it appears that he has full access. He can enter the enable command, config terminal command, etc. All we want him to be able to do is to issue the show command.
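
An added example, not part of the thread and not Cisco's code: a shell command authorization set on ACS is only consulted when the IOS device asks the TACACS+ server about each command, which requires `aaa authorization commands <level>` on the device in addition to exec authorization. The script below audits a running-config for that; the sample configs are constructed, and it assumes commands sit at their default privilege levels (so levels 1 and 15 are checked) and that the servers are referenced as `group tacacs+`.

```python
import re

# Constructed sample configs (not from the thread). WEAK has exec authorization
# only: the privilege level from ACS is applied, but the device never asks the
# TACACS+ server about individual commands, so the command set is not enforced.
WEAK = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
"""

FIXED = WEAK + """\
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")


def audit(config, levels=(1, 15)):
    """Return findings explaining why a command authorization set would not be enforced."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: AAA is not enabled")
    default, named = set(), {}
    for ln in lines:
        m = CMD_AUTHZ.match(ln)
        # Assumption: TACACS+ appears as 'group tacacs+' in the method list.
        if m and "tacacs+" in m.group(3).split():
            if m.group(2) == "default":
                default.add(int(m.group(1)))
            else:
                named[int(m.group(1))] = m.group(2)
    for lvl in levels:
        if lvl in default:
            continue
        if lvl in named:
            findings.append(f"level {lvl}: list '{named[lvl]}' only applies to lines that reference it")
        else:
            findings.append(f"level {lvl}: commands are never sent to TACACS+ for authorization")
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(cfg) or "command authorization requested for all checked levels")
```
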