Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
0
Helpful
5
Replies

Restricting users to certain Routers only

Erick Bergquist
Level 6
Level 6

‎05-10-2002 02:35 PM - edited ‎03-08-2019 10:35 PM

Hi,

I'm working with CiscoSecure ACS 3.0 for Windows and have a client who wants to authenticate users via TACACS for their routers. Basic authentication is working fine. They are looking to only allow one group of users log in to a few routers, and everyone else able to login into all routers.

They have created 2 groups, one for everyone, and the other group for the few users who only need to login to the few routers.

I'm trying to find a way within ACS to only permit that groups users to only be able to authenticate on those specified devices only. So far, I haven't been able to find a way to do this. The customer would rather do this via TACACS then use access-lists, access-classes, or local username database on the routers.

Does anyone have any ideas on how to do this in ACS?

Thanks in advance,

Erick

Labels:
0 Helpful
5 Replies 5

bstillman
Level 1
Level 1

‎05-10-2002 03:11 PM

Under the 'Group Setting' for the group you want to minimize access for, look for the Network Access Restrictions area (just below the default time of day and callback settings). Check the check box. Specify in the Table Defines pull down 'Permitted Calling/Point of Access Locations'. In the Access Server pull down, look for one of the routers you want to give this group access to. Just put an asterisk (*) in the Port and Address field. Then click the enter button to add the NAS. Continue adding NAS' in the same manner.

Hope this helps!!

0 Helpful

Erick Bergquist
Level 6
Level 6
In response to bstillman

‎05-10-2002 11:07 PM

Thanks alot... that did it. I was just about to read up on the network access restrictions. I haven't really used ACS that much but now have been playing with it the past 2-3 days and think I have a fairly good understanding now.

Thanks again for the help, Erick

0 Helpful

bstillman
Level 1
Level 1
In response to Erick Bergquist

‎05-11-2002 10:15 AM

You are welcome...

0 Helpful

zhengj
Level 1
Level 1
In response to bstillman

‎07-18-2002 12:56 AM

I have the same question ,but i am using acs 2.3(6) of solaris

how can I do to define different group to login different routers?

Pls help me to reslove it

thx

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents