Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Restricting users to certain Routers only

Hi,

I'm working with CiscoSecure ACS 3.0 for Windows and have a client who wants to authenticate users via TACACS for their routers. Basic authentication is working fine. They are looking to only allow one group of users log in to a few routers, and everyone else able to login into all routers.

They have created 2 groups, one for everyone, and the other group for the few users who only need to login to the few routers.

I'm trying to find a way within ACS to only permit that groups users to only be able to authenticate on those specified devices only. So far, I haven't been able to find a way to do this. The customer would rather do this via TACACS then use access-lists, access-classes, or local username database on the routers.

Does anyone have any ideas on how to do this in ACS?

Thanks in advance,

Erick

5 REPLIES
New Member

Re: Restricting users to certain Routers only

Under the 'Group Setting' for the group you want to minimize access for, look for the Network Access Restrictions area (just below the default time of day and callback settings). Check the check box. Specify in the Table Defines pull down 'Permitted Calling/Point of Access Locations'. In the Access Server pull down, look for one of the routers you want to give this group access to. Just put an asterisk (*) in the Port and Address field. Then click the enter button to add the NAS. Continue adding NAS' in the same manner.

Hope this helps!!

Re: Restricting users to certain Routers only

Thanks alot... that did it. I was just about to read up on the network access restrictions. I haven't really used ACS that much but now have been playing with it the past 2-3 days and think I have a fairly good understanding now.

Thanks again for the help, Erick

New Member

Re: Restricting users to certain Routers only

You are welcome...

New Member

Re: Restricting users to certain Routers only

I have the same question ,but i am using acs 2.3(6) of solaris

how can I do to define different group to login different routers?

Pls help me to reslove it

thx

New Member

Re: Restricting users to certain Routers only

212
Views
0
Helpful
5
Replies
CreatePlease to create content