05-10-2002 02:35 PM - edited 03-08-2019 10:35 PM
Hi,
I'm working with CiscoSecure ACS 3.0 for Windows and have a client who wants to authenticate users via TACACS for their routers. Basic authentication is working fine. They are looking to only allow one group of users log in to a few routers, and everyone else able to login into all routers.
They have created 2 groups, one for everyone, and the other group for the few users who only need to login to the few routers.
I'm trying to find a way within ACS to only permit that groups users to only be able to authenticate on those specified devices only. So far, I haven't been able to find a way to do this. The customer would rather do this via TACACS then use access-lists, access-classes, or local username database on the routers.
Does anyone have any ideas on how to do this in ACS?
Thanks in advance,
Erick
05-10-2002 03:11 PM
Under the 'Group Setting' for the group you want to minimize access for, look for the Network Access Restrictions area (just below the default time of day and callback settings). Check the check box. Specify in the Table Defines pull down 'Permitted Calling/Point of Access Locations'. In the Access Server pull down, look for one of the routers you want to give this group access to. Just put an asterisk (*) in the Port and Address field. Then click the enter button to add the NAS. Continue adding NAS' in the same manner.
Hope this helps!!
05-10-2002 11:07 PM
Thanks alot... that did it. I was just about to read up on the network access restrictions. I haven't really used ACS that much but now have been playing with it the past 2-3 days and think I have a fairly good understanding now.
Thanks again for the help, Erick
05-11-2002 10:15 AM
You are welcome...
07-18-2002 12:56 AM
I have the same question ,but i am using acs 2.3(6) of solaris
how can I do to define different group to login different routers?
Pls help me to reslove it
thx
07-18-2002 01:55 AM
Take a look at http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/ndmse_wp.htm.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: