
Cisco 2901 terminal server and restricting access

I have a Cisco 2901 Terminal Server with AAA authentication via ACS server.  I created two
accounts on the ACS server, cciesec2011 and vendor.  Both accounts can log into the Cisco
2901 Terminal Server without any issues.  By the way, I am NOT using AAA authorization on
the Cisco Terminal Server.  Once the cciesec2011 or vendor accounts are authenticated, these
accounts can access all the async lines on the Cisco Terminal Server.

Now I have a new requirement.  I would like cciesec2011, once this account is
successfully authenticated, to have access to ALL async lines on the Terminal
Server.  The "vendor" account, I want to restrict this account's access only to async
line 35 (there are 32 async lines available on the Cisco Terminal Server) and nothing
else.

How can I accomplish this without using AAA authorization on the Cisco Terminal Server?
Is it possible to use "privilege level" to accomplish this?  If so, how?

Thanks in advance.

5 REPLIES

Re: Cisco 2901 terminal server and restricting access

write a "menu" that is delivered based on username.

HTH>


Re: Cisco 2901 terminal server and restricting access

How do you do that when the username is on the ACS server?  From the example below, the username is "local":

http://routerric.blogspot.com/2008/10/cisco-menu.html

Re: Cisco 2901 terminal server and restricting access

I am no ACS expert - but I do know how to use Google - search on "cisco acs auto menu command"


Re: Cisco 2901 terminal server and restricting access

Of course, it can be done with ACS for autocommand, but AAA authorization is required.  In my original post, I was trying to avoid it.  How can it be done with the username on the ACS but AAA authorization local on the Cisco terminal server?

Re: Cisco 2901 terminal server and restricting access

Well AFAIK the router has to refer to the authorization for exec to the ACS for it to work.

Your other option is to just create a local user on the TS and refer the menu to the local db.

HTH>
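A sketch of the local-user menu approach suggested in the last reply, added here as an example and not taken from any poster's configuration. The menu name VENDOR, the Loopback0 address, the secret placeholder and reverse-telnet port 2035 (2000 plus the line number) are assumptions; how logins are pointed at the local database depends on the existing AAA method lists and is not shown.

```cisco
! Added example: IOS configuration fragment, all names and addresses are assumptions.
!
! Local account for the vendor. The autocommand starts the menu at login,
! so the session is presented with the menu instead of an EXEC prompt.
username vendor privilege 1 secret <vendor-secret-placeholder>
username vendor autocommand menu VENDOR
!
! Loopback used as the reverse-telnet target (constructed address).
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
! The menu offers only async line 35 and a logout entry.
! "exit" ends the session; "menu-exit" is avoided because it would
! return the user to the EXEC prompt.
menu VENDOR title ^ Vendor console access ^
menu VENDOR text 1 Connect to async line 35
menu VENDOR command 1 telnet 10.255.255.1 2035
menu VENDOR text 2 Log out
menu VENDOR command 2 exit
menu VENDOR clear-screen
menu VENDOR line-mode
```

After applying something like this in a lab, log in as vendor and confirm that every menu path ends either on line 35 or in a logout, and that no entry or escape sequence lands at an EXEC prompt.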
