ACS 5.3 deny onward ssh & telnet

ciaranjmurphy
Level 1

Hi folks,

I have a query about restricting users in a specific user group. The restriction is to stop a user from connecting onwards to another device once that user is already logged on to a Cisco networking device. So essentially blocking the telnet and ssh commands.

I had this working previously, but I have been troubleshooting a CHAP authentication bug for the past few months with TAC, so I cannot recall how I did it the first time.

Initially I tried to build the restriction in 'Command Sets', but that doesn't work; I think I had built the restriction somewhere else the first time round, but the memory escapes me. Any advice would be appreciated.

I have attached a screenshot of the 'Command Sets' and the 'Access Policy' configuration that did not work as expected. I can see in the AAA TACACS authentication log file that the onward connection via SSH was matched and allowed.

P.S. I even tried restricting all commands for the user profile in the command sets, but telnet and ssh still work.

Regards

Ciaran

2 Replies

jrabinow
Level 7

I think you may be referring to the Max Sessions feature.

You can go to

Access Policies > Max User Session Policy > Max Session User Settings and define the maximum sessions for users in a group.

The feature is dependent on accounting for accurate session tracking.
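For context on the device side of both points raised in this thread (command sets only take effect for the privilege levels the device sends authorization requests for, and Max Sessions needs accounting records), here is an added Cisco IOS AAA configuration example. It is not from the thread or from Cisco's ACS documentation; the server name, group name, address and key are placeholders.

```cisco
! Added example (not part of the thread): IOS AAA configuration that lets
! ACS 5.3 enforce command sets on onward telnet/ssh and track user sessions.
! Server name, group name, address and key below are placeholders.
aaa new-model
!
! ACS server definition (placeholder address and shared secret)
tacacs server ACS-01
 address ipv4 192.0.2.10
 key <shared-secret>
!
aaa group server tacacs+ ACS-GROUP
 server name ACS-01
!
! Login and EXEC authorization against ACS, with local fallback so the
! device stays manageable if the ACS server is unreachable
aaa authentication login default group ACS-GROUP local
aaa authorization exec default group ACS-GROUP local
!
! Command authorization must cover privilege level 1 as well as 15:
! 'telnet' and 'ssh' are user-EXEC (level 1) commands, so a command set
! that is only consulted for level-15 commands never sees them.
aaa authorization commands 1 default group ACS-GROUP local
aaa authorization commands 15 default group ACS-GROUP local
!
! EXEC (session) accounting: the Max User Session policy relies on these
! start/stop records to know how many sessions a user currently holds.
aaa accounting exec default start-stop group ACS-GROUP
!
! Command accounting gives the AAA log the per-command trail used above
! to confirm whether an onward ssh/telnet was permitted or denied.
aaa accounting commands 1 default start-stop group ACS-GROUP
aaa accounting commands 15 default start-stop group ACS-GROUP
```

With command authorization on both levels in place, a deny entry for telnet and ssh in the ACS command set is consulted for every user-EXEC attempt, and the accounting records let Max Sessions count concurrent logins accurately.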

Yes, yes, yes; thank you jrabinow, can't believe I didn't see it right in front of my eyes. Thank you.