08-02-2013 03:03 PM - edited 02-21-2020 04:56 AM
Hello
Trying to set up the following scenario:
Have a user BOB created in Cisco ACS 4.2.
Have several network devices with different management IP addresses, all added in Cisco ACS 4.2.
Want to be able to allow BOB to access network devices only if BOB's access request is coming from one IP address, 1.1.1.1.
If BOB is trying to access network devices from any other IP address, the request should be denied regardless of the fact that BOB has full access to all network devices.
Is there a way to accomplish this using Cisco ACS 4.2?
Appreciate your input.
Regards,
08-05-2013 03:58 PM
I'm not sure how or if you can do this using ACS. You MIGHT be able to use the Network Access Restriction feature although I've never tried it. Reference.
It would be easy to just put an access-list on the devices' vty lines though restricting access to 1.1.1.1. (although that would affect all users.)
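The vty access-list mentioned in the reply above, written out as an added example that is not part of the original posts. It assumes Cisco IOS devices, standard ACL number 10 and vty lines 0 4 (adjust the range to the lines the device actually has); as the reply notes, it restricts every user, not only BOB.

```cisco
! Added example; ACL number 10 and the vty range 0 4 are assumptions.
! Permit management sessions only from 1.1.1.1.
access-list 10 permit host 1.1.1.1
! Explicit deny with logging, so refused attempts from other
! addresses show up in the device log instead of failing silently.
access-list 10 deny any log
!
line vty 0 4
 ! Apply the ACL to inbound Telnet/SSH sessions on the vty lines.
 access-class 10 in
```

Apply this from a session that originates at 1.1.1.1 or from the console, since any other remote session will be refused on its next connection attempt.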
08-12-2013 09:54 AM
It is actually possible, thanks for your doc reference:
in ACS setup AAA client user will be allowed to call from
in ACS setup NAR (devices you want to allow access to);
create user in ACS
configure user access in ACS:
allow access to required NARs
define IP-based access restrictions
Permitted calling / point of access locations
enter AAA client from which user will call (* for ports and * for ip address)
Save and test
In failed attempts you should see Authentication failure code "Users access filtered" when trying to login to NAR devices with new username and from non-permitted calling client/ip address.
Thanks for your help.
08-12-2013 08:24 PM
Excellent. Glad it worked out for you. We both learned something.