topic Cisco ACS in Network Access Control

Cisco ACS

danny_ng — Fri, 21 Feb 2020 17:58:49 GMT

Anyone can help for the following question ?

How many NAS priviledge password or users can be created via the Cisco ACS?

Can the users can their password for next login. Will it must did it on ACS server or? This provides sense to memorize the password. Please advise. Thanks.

Re: Cisco ACS

cjacinto — Fri, 22 Feb 2002 00:49:54 GMT

The number of users and corresponding password on created on the internal Cisco ACS db, is limited by the hard disk space of the server itself. It could easily handle 100,000 users as per:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/z.htm#xtocid1276317

For your second question, could you pls clarify? If you are after the users being able to change their passwords themselves, you could do this with the UCP as in:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/ucp30.htm

Re: Cisco ACS

sbhadrav@cisco.com — Tue, 13 Mar 2018 19:39:37 GMT

Assign ACS ver 4.2 and to setup users with limited access to our switchs and routers. Here is what to do?
1) Created a user in ACS
2) Create Shell command Autorization Set - ReadOnly

          Unmatched Commands - Deny

          Commands Added

               show

               exit

          * this should limit the user to the show and exit command only (correct)?

3) Created a group - HelpDesk with the following TACACS+ Settings

          Shell (exec) is checked

          Priviledge level is check with 15 as the assigned level

          Assign a Shell Command Authorization Set for any network device - selected

          ReadOnly - shell command autorization set seleted

When the user logs on to the router/switch it appears that he has full access. He can enter the enable command, config terminal command, etc. All we want him to be able to do is to issue the show command.