Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configured Nacs- how to restrict AAA client access by specified Password

Hi all

i hav given the below config in AAA Client& added the Client in User,Group, the NAR is configured for all Clients ,

But my requirement is restrict AAA client access by specified Password

aaa new-model

aaa group server tacacs+ NACS_Group1

server 10.x.x.x

server 10.y.y.y

!

aaa authentication login default group NACS_Group1 local

aaa authentication enable default group NACS_Group1 enable

aaa authorization config-commands

aaa authorization exec default group NACS_Group1 if-authenticated

aaa authorization exec NACS_Group1 group tacacs+ local

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

1 REPLY
Anonymous
N/A

Re: Configured Nacs- how to restrict AAA client access by specif

You use the Network Access Restrictions table in the Advanced Settings area of User Setup to set NARs in three ways:

Apply existing shared NARs by name.

Define IP-based access restrictions to permit or deny user access to a specified AAA client or to specified ports on an AAA client when an IP connection has been established.

Define CLI/DNIS-based access restrictions to permit or deny user access based on the CLI/DNIS that is used.

Note: You can also use the CLI/DNIS-based access restrictions area to specify other values. See the Network Access Restrictions section for more information.

124
Views
0
Helpful
1
Replies