
AAA

emily
Level 1

I would like to know whether it is possible to configure a per-user or per-group ACL with the TACACS authentication method. I know Radiusd can support "Download PIX ACL", but because Radiusd accounting can't see the "cmd" service, I prefer to use TACACS. However, TACACS doesn't support "Download PIX ACL".

So can anyone tell me whether there is a way, when I use TACACS, to restrict the HR group so that it can access 192.168.1.0 255.255.255.0 on any service and is denied everything else?

1 Reply

gfullage
Cisco Employee

TACACS doesn't support downloadable ACLs, as you've found out. To get this functionality with TACACS you have to define the ACL on the PIX itself, then just send down that ACL number via TACACS; that ACL is then applied to that user's session.

See http://www.cisco.com/warp/public/110/pixcryaaa52.shtml#AAA_NT for what to enter in the user profile (note ACL 115) and http://www.cisco.com/warp/public/110/pixcryaaa52.shtml#xauth_without for how to define ACL 115 on the PIX itself.
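
A sketch of the approach described in the reply above, added here as an illustration and not part of the original thread or the linked Cisco document: the ACL lives on the PIX and the TACACS+ profile returns only its number. It assumes a tac_plus-style server profile, a hypothetical group `hr` and user `hruser1`, and that the PIX already authenticates and authorizes this traffic against the TACACS+ server; lines starting with `#` are annotations.

```text
# --- On the PIX: define the ACL locally (PIX ACLs use subnet masks) ---
# Allow any service to 192.168.1.0/24, deny everything else.
access-list 115 permit ip any 192.168.1.0 255.255.255.0
access-list 115 deny ip any any

# --- On the TACACS+ server: tac_plus-style profile (assumed server) ---
# The group profile returns only the ACL number; the PIX looks up
# access-list 115 in its own configuration and applies it to the session.
group = hr {
    service = shell {
        set acl = 115
    }
}

# Hypothetical HR user; inherits "acl = 115" from the group.
# The password below is a placeholder.
user = hruser1 {
    member = hr
    login = cleartext "REPLACE_ME"
}
```

The number in the profile has to match an access-list that exists on every PIX the HR users authenticate through, since the rules themselves are never sent by the server.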